OpenSea data breach: NFT owners warned to stay on high alert

The world’s biggest marketplace for non-fungible tokens (NFTs), OpenSea, has confirmed that a data breach exposed the email addresses attached to user accounts.

The company has warned customers that the addresses could now be targeted with phishing attacks and urged everyone to be vigilant.

NFTs are digital creations stored on a blockchain. As the largest marketplace for NFTs, OpenSea has more than 600,000 users and a transaction volume north of $20 billion.

Announcing the news, the company’s Head of Security, Cory Hardman, said the leak happened when an employee of email delivery service Customer.io downloaded OpenSea’s email database.

OpenSea breach

“If you have shared your email with OpenSea in the past, you should assume you were impacted. We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement,” Hardman said.

“Because the data compromise included email addresses, there may be a heightened likelihood for email phishing attempts.”

OpenSea users should now be extra careful when receiving emails claiming to be from the marketplace. Its official email domain is opensea.io, and everything else can be considered fraudulent. Hardman said that emails coming from domains such as opensea.org, opensea.xyz, and opeansae.io should be ignored.
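The sender-domain rule above can be applied automatically to incoming mail. The sketch below is an added example, not code from OpenSea or Customer.io; the function names, the typo threshold and the sample headers are assumptions, and only the domains come from the article.

```python
from email.utils import parseaddr

OFFICIAL_DOMAIN = "opensea.io"   # the only official email domain the article names
BRAND = OFFICIAL_DOMAIN.split(".")[0]
MAX_TYPO_DISTANCE = 2            # assumption: tune to your own tolerance


def osa_distance(a: str, b: str) -> int:
    """Edit distance in which swapping two adjacent letters counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify_sender(from_header: str) -> str:
    """Return 'official', 'lookalike' or 'other' for a From: header value."""
    _, addr = parseaddr(from_header)      # the display name is ignored on purpose
    if "@" not in addr:
        return "other"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain == OFFICIAL_DOMAIN:         # exact match only, as the article states
        return "official"
    labels = domain.split(".")
    if BRAND in labels:                   # opensea.org, opensea.xyz and the like
        return "lookalike"
    if any(osa_distance(label, BRAND) <= MAX_TYPO_DISTANCE for label in labels):
        return "lookalike"                # opeansae.io and similar misspellings
    return "other"


# Constructed sample headers; only the domains are taken from the article.
SAMPLES = [
    "OpenSea <noreply@opensea.io>",
    "OpenSea Support <help@opensea.org>",
    "security@opeansae.io",
    '"support@opensea.io" <alerts@opensea.xyz>',   # official address in display name only
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

A From header can be forged, so an "official" result only means something for mail that has also passed the receiving server's SPF, DKIM and DMARC checks.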

“We wanted to share the information we have at this time, and let you know that we’ve reported the incident to law enforcement and are cooperating in their investigation,” Hardman added.

Phishing is one of the most popular cybercriminal activities, due to its success rate. Cybercriminals often impersonate large brands and send emails with a sense of urgency, to trick people into downloading an attachment, clicking a link, or sharing their passwords without giving it a second thought.

Via BleepingComputer