NFT: Data breach at Opensea, users at risk

Opensea reveals customer data – The ecosystem of NFT has shown unprecedented growth since August 2021. The NFT buying and selling platform Opensea has been able to take advantage of this growth to take the pole position. However, a new email leak could damage his reputation a bit more.

Opensea: leaked emails from users

With a monthly volume of billions of dollars, open sea has been able to position itself as the undisputed leader of the NFT ecosystem. The month of June will nevertheless have been less beautiful than the previous one, with only $630 million in volumeie 4 times less than in May.

Because bad news never comes alone, Open sea revealed on his official blog have had a leak of user emails

So it appears that an employee of their email delivery service, Customer.io, “misused his access to upload and share email addresses”† In practice, these addresses are provided by OpenSea users, especially those who subscribe to the platform’s newsletter.

“If you’ve shared your email address with OpenSea in the past, you should assume you’ve been affected. †

>> A safe platform to buy your cryptos? Join PrimeXBT (affiliate link) <

Towards an increase in phishing attacks

It is clear that this leaked address database will be abused sooner or later. So it’s a safe bet that these will be used within the framework so-called phishing attacks

As a reminder, a phishing attack aims to direct users to a website identical to the Opensea site† Its purpose is to give the user confidence by making them believe that they are on the official site. He will then be pushed to sign a transaction that aims to transfer his entire account.

So if you’ve ever shared your email address with Opensea, expect to receive fake emails masquerading as the NFT platform in the coming months. Make sure to verify the sender of these emails so as not to follow phishing links.

Some safety recommendations

To somehow try to make up for its monumental blunder, the platform has published a few: recommendations for its users

  • Beware of phishing emails of addresses trying to emulate OpenSea. OpenSea will ONLY send emails from the domain: ‘opensea.io’.
  • Never download anything from an OpenSea email† Genuine OpenSea emails do not contain attachments or download requests.
  • Check the URL of a linked page in an email from OpenSea† Make sure that “opensea.io” is spelled correctly, as malicious people often spoof URLs by confusing the letters.
  • NEVER share or confirm your wallet passwords or passphrases† OpenSea will never ask you for this, regardless of format.
  • NEVER sign a wallet transaction directly from an email† OpenSea emails will never contain links directly inviting you to sign a wallet transaction.

Good advice for sure, but probably would have been better received if the fault wasn’t Opensea’s side.

The seriousness of this potentially massive email leak should not be minimized in any way. Last February, Opensea had fallen victim to a major wave of phishing scams, clearly targeting its users. The result was catastrophic: more than 500 ETH in NFT were stolen by the attacker within a few hours.

Hacks are unfortunate dangers, but not inevitable… Play it safe and register now on the PrimeXBT platform (affiliate link).

Leave a Comment