NFT giant OpenSea admits data breach and warns of phishing attacks

NFT marketplace giant OpenSea has warned its users of email phishing attacks following a huge data breach which it claims occurred via the company’s email delivery vendor.

According to OpenSea, which claims to have more than 60,000 users, the data leak derived from third party contractor Customer.io after a staff member misused their employee access to download and share email addresses of OpenSea’s users and newsletter subscribers.

In a blog post on its website, the world’s largest NFT auction site said that users who have share their email details with OpenSea should assume that they have been impacted. It also offered advice on how customers can protect themselves.

It said in the statement: “Please be aware that malicious actors may try to contact you using an email address that looks visually similar to our official email domain, ‘opensea.io’ (such as ‘opensea.org’ or some other variation).”

The firm added that it was working with Customer.io in an ongoing investigation and has reported the incident to law enforcement.

It’s not the first time that OpenSea has been subject to hacks and calls into question the security employed on such sites, which appear vulnerable to theft and data leaks.

In February, TechInformed reported that hackers had stolen $1.7m in NFTs from OpenSea, although later some of these 254 NFTs were reported to have been recovered.

In the same month, fellow NFT auction site Cent temporarily closed down after reports of bad actors minting counterfeit digital assets – a move which prompted even its own CEO to admit that plagiarism is ‘a fundamental problem’ with web3.’