Leaked: OpenSea API Keys


Following Nansen's breach revelation, prominent NFT marketplace OpenSea stated that its partner leaked several keys to malefactors.

OpenSea, a top-tier marketplace for non-fungible tokens (NFTs), has become the second victim of an API key breach at an unnamed "third-party vendor." It is sending a series of warnings to API users to keep attackers from abusing their accounts.

Clients of OpenSea must obtain new API keys after a third-party vendor is attacked.

On September 23, 2023, a number of X users published messages they said they had received from OpenSea, a multi-blockchain NFT marketplace. According to the letter, one of OpenSea's third-party partners encountered a "security incident" that could have resulted in the release of application programming interface (API) keys.

Source: Obi Crypto (@ObiCrypto_)

This hack is suspected to have exposed information about OpenSea clients to attackers. Attackers can also use the API keys to make requests that OpenSea users paid for. As a result, the marketplace strongly advises all of its customers to stop using their active API keys. The warning states that newly issued keys will have the same permissions and rate limits as the leaked ones.

Decentralized applications and other third-party services employ API endpoints for faster, standardized interaction with a remote platform or server. As a result, the purported OpenSea API leak may endanger its B2B partners. At the same time, OpenSea refers to the effort as an "API keys rotation" and does not anticipate the event affecting the platform's partners.

OpenSea has remained silent on the purported leak.

By the time this article was published, neither the main OpenSea account on X nor its API-centric page had addressed community concerns about the API keys issue.

It should also be mentioned that Nansen, a major crypto analysis platform, released similar information concerning API keys being disclosed by a third-party vendor a few days ago.

Nansen CEO Alex Svanevik also declined to reveal the provider's name but confirmed that it is on the Fortune 500 list.

Source: Nansen (@nansen_ai)

In total, the accounts of 6.8% of Nansen users were impacted, Svanevik added.