OpenSea NFT users report massive email phishing campaign
Users of the major nonfungible token (NFT) marketplace OpenSea have reported being targeted with a new email phishing attack. These emails, coming from attackers posing as the marketplace, contain malicious links and have been flagged as a serious security concern.
Rising Concerns Among OpenSea Users
According to social media reports, OpenSea users and developers have been targeted by various email phishing campaigns. These include fake alerts about developer account risks and deceptive NFT offers.
One developer, using the platform X (formerly Twitter), reported on Nov. 13 about receiving a phishing attempt at an email address exclusively used for their OpenSea Application Programming Interface (API) key. This suggests that contact information has been extracted directly from OpenSea, marking developers as primary targets.
OpenSea’s Response and User Reactions
Despite OpenSea’s assurance that the platform has not been compromised, users are advised to exercise caution with email links. A Reddit user expressed confusion over the sudden surge in scam emails related to OpenSea, despite not using the service for an extended period.
Previous Security Breaches
This incident follows a security breach in late September 2023, where a third-party vendor associated with OpenSea experienced a security incident, potentially exposing user emails and API keys.
History of Phishing Attacks on OpenSea
OpenSea has encountered similar security issues in the past. In February 2022, the platform confirmed a phishing attack external to its website, urging users to avoid clicking on suspicious links. There were also investigations into potential exploits in OpenSea-related smart contracts.
Current Situation and User Guidance
Following a significant reduction in staff and the announcement of OpenSea 2.0, the platform is yet to comment on this latest phishing scheme. Users are reminded to verify email sender authenticity and to be aware that legitimate crypto firms never ask for personal data like wallet addresses or private keys.