Back to the list

NFT company OpenSea cautions users on latest email phishing following a data breach


www.cryptopolitan.com 30 June 2022 09:24, UTC
Reading time: ~2 m

Opensea, a well-known NFT marketplace with a staggering $13 billion valuation in January, is alerting customers to email phishing following a data breach.

The largest NFT marketplace in the world said that a staff member at Customer.io, an email vendor hired by OpenSea, misappropriated their employee access to download and distribute email addresses of OpenSea’s users and newsletter subscribers with an illegal outside entity.

The security compromise appears to be of enormous scope. The company stated that if you have provided your email with OpenSea in the past, you should presume you were impacted. As a quick response to the incident, the Company has informed law enforcement and is cooperating with Customer.io in an ongoing investigation.

Screenshots posted on Twitter demonstrate that OpenSea also emailed consumers to alert them to the incident.

Popular NFT giant Opensea attacks

The most latest data breach is far from the only significant attack this year on OpenSea and its subscribers. The famous NFT marketplace’s Discord server was hacked in May, which sparked a flood of phishing attacks. Numerous user wallets were in fact exploited. 

The platform experienced one of its most severe attacks to date in January, during which an exploit allowed attackers to sell NFTs without authorization. The market compensated for losses of $1.8 million.

Email newsletter management systems and customer relationship management (CRM) software seem to be a weak point for crypto firms due to the high frequency of data leaks.

A breach of Hubspot, a program similar to Customer.io, affected BlockFi, Swan Bitcoin, NYDIG, and Circle in March. Users’ names, contact information, and email addresses were made available to a third party.

Fatman Terra, a renowned cryptocurrency whistleblower questioned as to whether the outside party simply received the list of email addresses or whether they also received the list of associated blockchain addresses. 

An NFT marketplace employee responded by saying that Customer.io does not have access to any wallet addresses.

@FatManTerra https://t.co/S6A49fS8IR doesn't have access to any wallet addresses. An employee of our email vendor, https://t.co/S6A49fS8IR, misused their employee access to download & shared email addresses with an unauthorized external party.

— Anne Fauvre-Willis (anniefauv.eth | anniefauv.sol) (@AnnieFauv) June 30, 2022

Customers of OpenSea are complaining about a spike in spam calls, messages, and emails on Twitter. However, the platform cautioned users that dishonest actors may try to contact them using emails with addresses that resemble OpenSea.io, including OpenSea.org or OpenSea.xyz.

Back to the list