Largest NFT Marketplace Suffers Data Breach

The biggest NFT marketplace in the world, OpenSea, revealed in their blog post on June 29 that there had been a significant data breach.

OpenSea is a decentralized marketplace for purchasing, selling and trading non-fungible tokens. Early on Thursday, the leading NFT marketplace issued a blog post alerting its community that a Customer.io employee had exchanged a list of email addresses belonging to its users and newsletter subscribers.

openseaheader

The NFT marketplace reported that it has immediately alerted law enforcement about the intrusion and that an investigation is ongoing.

Additionally, OpenSea advised its users that malicious actors can get in touch with them through emails coming from phishing links similar to their website (Opensea.io).

Email phishing efforts could be more common given that the compromised data includes email addresses. With that, the NFT marketplace has added a list of safety recommendations for it’s users following the recent breach.

Safety Reccomendations from OpenSea:

  1. Be cautious of phishing emails trying to impersonate OpenSea: Please do not interact with any email pretending to be from OpenSea that does not originate from the domain: “opensea.io.” OpenSea will ONLY send you emails from that email address.
  2. Never download anything from an OpenSea email: Legitimate OpenSea emails wouldn’t ask you to download anything or provide attachments.
  3. Check the URL of any page linked in an OpenSea email: Only URLs ending in “email.opensea.io” will be hyperlinked. Verify the spelling of “opensea.io” because fraudulent actors frequently impersonate URLs by rearranging letters.
  4. Never share or confirm your passwords or secret wallet phrases: OpenSea will never prompt you to do this.
  5. Never sign a wallet transaction prompted directly from an email: Links that ask you to sign a wallet transaction will never be included in emails from OpenSea. Never sign a wallet transaction that doesn’t list the origin of https://opensea.io if you were led there by email.

OpenSea stated that everyone who has shared an email address with the business should presume they were harmed, although it has not confirmed whether the hack involved the crypto wallet data of it’s users.

This is not the first time the NFT market has seen a data breach this year; in May, OpenSea’s Discord server was hacked, and multiple wallets were hacked as a result.