OpenSea, a leading NFT marketplace, has advised its users to exercise caution and avoid falling for phishing scams. The head of security said that an employee of a third-party vendor abused their access to OpenSea customer data.
OpenSea Customers’ Emails Leaked
After discovering that email addresses had been shared with a third party, employees at collectibles platform OpenSea notified customers of a data breach.
In a blog post published on Wednesday, OpenSea’s head of security Cory Hardman revealed that a Customer.io employee had misused their access by downloading and sharing customer data outside of the company. He said:
“If you have shared your email with OpenSea in the past, you should assume you were impacted. We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement.”
Customers may be subject to phishing attacks, in which fraudsters seek to steal personal information by impersonating trustworthy organizations and using domain names similar to the official “opensea.io,” such as “opensea.org” or “opensae.io,” the NFT marketplace further cautioned.
Users of the platform have started tweeting that they have been inundated with spam calls, emails, and texts.
Recently, email data breaches have been on the rise in crypto companies. As a result, cryptocurrency companies must exercise caution when using Customer Relationship Management (CRM) software.
A data leak at another CRM system, HubSpot, earlier this year resulted in an email data breach affecting users of Circle, NYDIG, BlockFi, and Swan Bitcoin. Other user information supplied to a third party after the theft includes names and phone numbers in addition to emails.
Safety Recommendations
The largest NFT marketplace provided its customers with several safety precautions. According to OpenSea, there won’t be any attachment requests made of its users. Additionally, users must make sure that any email hyperlink points to the domain “email.OpenSea.io.”
Customers must once again verify that the domain’s URL is correct. The correct URL for OpenSea is OpenSea.io. Other URLs are false. Additionally, it cautioned users that it will never email them to ask for their secret passwords or wallet phrases.
Additionally, no email from the company will request that users sign a wallet transaction. A wallet transaction whose origin is not https://OpenSea.io should also not be acknowledged by a customer.
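The domain checks recommended above can be automated. The following Python sketch is an added example, not code from OpenSea or the original article: it classifies every link in an email body against the two hosts the article names and flags lookalikes such as “opensea.org” or “opensae.io.” The exact-match allowlist, the one-typo threshold, and the sample message with its reserved `login.example` host are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts the article names as legitimate; anything else is treated as not OpenSea.
OFFICIAL_HOSTS = {"opensea.io", "email.opensea.io"}
BRAND = "opensea"


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify_link(url: str) -> str:
    """Return 'official', 'lookalike', 'unofficial' or 'invalid' for one URL."""
    try:
        # hostname drops any user@ prefix and port, and is lower-cased.
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if host in OFFICIAL_HOSTS:
        return "official"
    # The brand inside any label, or one typo away from it, signals impersonation.
    if any(BRAND in label or osa_distance(label, BRAND) <= 1
           for label in host.split(".")):
        return "lookalike"
    return "unofficial"


def review_email(body: str) -> dict:
    """Map every http(s) link found in an email body to its verdict."""
    return {u: classify_link(u) for u in re.findall(r"https?://[^\s\"'<>]+", body)}


# Constructed sample message (not a real phishing email).
SAMPLE = """Your listing expired. Renew: https://opensae.io/renew
Manage preferences: https://email.opensea.io/prefs
Support: https://opensea.io@login.example/help
"""
```

Only an “official” verdict means the link's host matches one the article lists; the third sample link shows why the check must use the parsed hostname rather than the visible text before the “@”.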
OpenSea was already embroiled in controversy over a separate incident that occurred before the data leak. Nathaniel Chastain, the former head of product, was charged by the Department of Justice earlier this month with insider trading in relation to NFTs. He was accused of money laundering as well as one count of wire fraud.
Chastain left his position in September after it was discovered that he may have benefited from insider information and bought NFTs before they were made available to the public.
Customers have previously been the target of phishing attacks and of threat actors posing as support personnel, which cost more than a dozen users hundreds of NFTs valued at about $2 million.
The company promises to keep users informed about the situation and asks that any phishing efforts be reported to their support team.