OpenSea Users’ Email Addresses Exposed Following Data Breach

Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.

While the broader crypto market has suffered a significant downturn, non-fungible tokens (NFTs) have proven to be viable investments. However, services in the crypto space have suffered a spate of security breaches and hacks.

The latest to report a security issue is OpenSea – the largest marketplace for NFTs.

Customer.io Exploit Spills Over to OpenSea

Earlier today, OpenSea took to Twitter to confirm that all of its users who had given their emails to OpenSea had been affected by a massive security breach. According to OpenSea, the breach appears to have been caused by an employee of Customer.io – a mail automation service that helps companies reach out to customers and manage their sales funnels via email marketing and communication.

The employee at Customer.io leaked Customer.io’s mailing list to a third party. OpenSea confirmed that it is investigating the matter and is working with law enforcement agents but also warned all customers to be wary of potential phishing and malware attacks.

The company especially asserted that attackers might send spam emails to customers with addresses like OpenSea.io or OpenSea.xyz. Several Twitter users have already reported cases of phishing attempts, confirming that the attackers would most likely intensify their efforts in the near future.

This customer.io breach is not the first security compromise that OpenSea has had. An exploit that occurred in January allowed attackers to sell NFT tokens on OpenSea without permission. Although the company solved the problem quickly, it had to pay $1.8 million in victim reimbursements and settlements.

Last month, hackers gained control of OpenSea’s main Discord page. At the time, a screenshot shared by industry news publication Wu Blockchain showed that the attackers had begun sharing news of a “YouTube collaboration” as well as a link to a phishing page.

The initial post from the hacker, which was published on the Discord channel’s announcements page, announced that OpenSea had partnered with YouTube to “bring their community into the NFT space”. They also claimed that community members would get a mint pass that would allow them to mint their projects and invest in NFTs for free.

OpenSea eventually confirmed the hack, asking community members to be wary of phishing scams. They also recommended that members avoid clicking links on the Discord channel for the time being.

Despite the company’s best efforts, it would appear that the intruder was able to stay on the server for quite some time. They posted follow-up messages to the Discord channel, even reposting their fake link and claiming that over half of their fake collection’s supply had already been minted.

It is unclear how much was stolen in the phishing attack of last month. However, the company will now be working towards regaining customer trust.

Security an Increasing Problem for NFT Companies

Although OpenSea has suffered multiple hacks this year, it is not the only NFT brand with this problem.

Yuga Labs, the company behind the wildly popular Bored Ape Yacht Club NFTs, has also been dealing with a rise in scams and security breaches for the past month. On June 5, blockchain investigator OKHotshot revealed that hackers had broken into the Discord group of the Bored Ape NFTs and Yuga Labs’ metaverse project, Otherside.

As OKHotshot explained, the attack was possible because the hackers broke into the Twitter account of Boris Vagner – Yuga Labs’ community and social manager. They managed to make away with 145 ETH in the hack.

Weeks later, Gordon Goner – Yuga Labs’ pseudonymous co-founder – took to Twitter, once more, to warn community members of another hack on the way. He claimed that “credible sources” had informed him that an insider at Twitter was in on the plot to help them bypass their accounts’ security measures. Goner asked community members to be very alert.

With the market looking to stabilise, NFT brands will want to invest more into their security infrastructure as they look to scale.

Buy Crypto at eToro from just $50 Now!

1
$50
Mobile AppYes
  • Invest in a wide range of cryptocurrencies
  • Ability to copy more experienced investors and their decisions
  • eToro crypto wallet included which makes it beginner-friendly

About Jimmy Aki PRO INVESTOR

Based in the UK, Jimmy is an economic researcher with outstanding hands-on and heads-on experience in Macroeconomic finance analysis, forecasting and planning. He has honed his skills having worked cross-continental as a finance analyst, which gives him inter-cultural experience. He currently has a strong passion for regulation and macroeconomic trends as it allows him peek under the global bonnet to see how the world works.