Best crypto insights delivered straight to your inbox.
- OpenSea users are experiencing a spike in phishing attacks.
- These attacks follow a security breach in September 2023 that exposed user emails and API keys.
- Users are advised to be cautious, verify email authenticity, and remember that legitimate crypto firms don’t ask for personal data like wallet keys via email.
In recent developments, users of OpenSea, a leading nonfungible token (NFT) marketplace, have reported a surge in phishing attacks. These attacks, masquerading as official communications from OpenSea, have raised alarms across the platform’s community. Users and developers alike have encountered various deceptive emails, including false developer account risk alerts and fake NFT offers.
A developer associated with OpenSea revealed on X (formerly known as Twitter) that they received a phishing email aimed at their OpenSea API key. This incident suggests a targeted approach, as the email was sent to an address dedicated solely to their OpenSea-related activities. This revelation contradicts OpenSea’s assertions that their platform remains uncompromised.
Furthermore, on November 14, an OpenSea user expressed their concerns on Reddit about the increasing frequency of these phishing emails. This user, who had not engaged with OpenSea for an extended period, reported receiving multiple emails per day, all containing dubious links and offers.
Opensea security breaches
This wave of phishing attacks follows a security breach involving one of OpenSea’s third-party vendors in late September 2023. The breach reportedly led to the exposure of user emails and developer API keys. Although OpenSea promptly notified affected users, the incident has evidently had lasting repercussions.
Previously, in February 2022, OpenSea confirmed a separate phishing attack originating outside its platform. At that time, the company was also investigating potential exploits linked to its smart contracts. These recurring security challenges highlight the ongoing risks faced by users in the NFT marketplace.
In response to these threats, cybersecurity experts advise OpenSea users to exercise caution. Users should verify the authenticity of email senders and avoid clicking on untrusted links. It is crucial to remember that legitimate crypto firms will not request personal information, such as wallet addresses or private keys, via email.
If you're reading this, you’re already ahead. Stay there with our newsletter.
Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
Brian Koome
Brian Koome has over seven years of experience in blockchain and cryptocurrency reporting, having been active in the industry since 2017. He has contributed to leading publications, including BlockToday.com. Further, he developed the Ethereum 101 course for BitDegree.org before joining Cryptopolitan as a full-time writer. Brian covers evergreen guides (EGs), deep dives, interviews, and price analysis. His focus on DeFi, blockchain innovation, and emerging crypto projects delights readers.
CRASH COURSE
- Which cryptocurrencies can make you money
- How to boost your security with a wallet (and which ones are actually worth using)
- Little-known investment strategies that the pros use
- How to get started investing in crypto (which exchanges to use, the best crypto to buy etc)