OpenSea, the popular NFT marketplace that hit a colossal $13 billion valuation, is warning users of email phishing after a data breach. OpenSea is the world’s first and largest web3 marketplace for NFTs and crypto collectibles. Browse, create, buy, sell, and auction NFTs using OpenSea today. It is the premier destination to browse, buy and sell NFTs including music, collectibles, art, and gaming items. NFTs are a kind of digital asset where each token is unique and can’t be duplicated as opposed to fungible assets, which are all interchangeable and worth exactly the same amount.
OpenSea said it learned that an employee of Customer.io, its email delivery vendor, misused employee access to download and share email addresses provided by OpenSea users and subscribers to its newsletter with an unauthorized external party. A person who claims to have been the owner of a BAYC non-fungible token has decided to sue NFT marketplace OpenSea. It is in the midst of a more recent data breach that has cost the company hundreds of digital collectibles amounting to losses worth $1.7 million.
The OpenSea data breach:
Ultimately, the scale of the security breach seems to be simply massive. More than 1.8 million users have made at least one purchase through the Ethereum network on OpenSea, according to data collected by Dune Analytics, an open-source crypto analytics platform. Additionally, anyone who subscribed to its newsletter may have had their email address compromised. The employee in question has had all-access removed and has been suspended pending the conclusion of their investigation.
OpenSea cautioned users to stay vigilant about their email practices, and be alert for any attempt to impersonate OpenSea via email. With so many email addresses from OpenSea users exposed, bad actors could easily impersonate OpenSea or its employees, goading users into clicking links that would see their NFT wallets and collections emptied in a flash.
One of the most prevalent forms of hacking attacks and thefts in the NFT space is the age-old phishing attack. OpenSea was hit by a phishing attack and at least 32 users had lost their valuable NFTs worth $1.7 million. Devin Finzer, the Co-Founder and CEO said the phishing attack, confirming that at least 32 users lost NFTs. Since 2021, hackers have successfully plundered millions of dollars worth of NFTs via malicious links across the entire space including OpenSea. Because the data compromise included email addresses, there may be a heightened likelihood of email phishing attempts.
The hack happened as OpenSea announced a new smart contract upgrade with a one-week deadline to delist inactive NFTs on the platform. With OpenSea still recovering from the highly-publicized case of insider trading done by one of its former employees, this data breach has dealt yet another blow to the NFT marketplace’s public image. Growing at a breakneck rate, self-proclaimed web3 platforms rely on centralized cloud services, compared to those built on distributed ledger technologies like blockchain.