Back to the list

OpenSea experiences email data breach, warns users of phishing scams


cryptoslate.com 30 June 2022 09:40, UTC
Reading time: ~2 m

OpenSea, the world’s largest NFT marketplace, suffered an email data breach that would affect the majority of its customers.

An employee of Customer.io, an email vendor contracted by OpenSea, reportedly misused their access to download and share email addresses with an unauthorized external party. The company said that the email addresses users and newsletter subscribers provided to OpenSea were impacted.

“If you have shared your email with OpenSea in the past, you should assume you were impacted,” the company said.

OpenSea noted that the data breach could lead to email phishing attempts, warning users to beware of any emails they receive that don’t come from OpenSea’s official domain.

1) We will ONLY send you emails from the domain ‘https://t.co/3qvMZjxmDB.’ Be aware of attempts to impersonate OpenSea through slight variations of our domain name, like below: pic.twitter.com/2tvgC6g3kD

— OpenSea (@opensea) June 30, 2022

Customer.io has already launched an investigation into the matter and the incident has been reported to law enforcement, the company said. Users have already begun reporting an uptick in phishing emails from fake OpenSea domains.

This isn’t the first time OpenSea users were targeted by phishing scams. In February this year, close to $2 million worth of NFTs were stolen in an elaborate phishing attack that affected 32 users. The attack caused activities on OpenSea to drop significantly, with the platform losing over a third of its trading volume and a fifth of its users.

Marketing tools such as email newsletter platforms and customer relationship management (CRM) software continue to be a weak link in the security of many crypto and blockchain platforms. In March, a data breach at HubSpot, one of the most popular marketing campaign platforms, affected over two dozen large crypto companies.

BlockFi, Circle, Swan Bitcoin, Pantera Capital, and NYDIG all reported that a portion of its users’ information was leaked to hackers. And while the companies said that none of its operations or treasuries were affected, users reported a significant increase in phishing emails.

Back to the list