OpenSea users have reportedly been targeted in a broad email phishing attempt, which included a bogus developer API risk alert and a bogus NFT offer.
Users of the major nonfungible token (NFT) marketplace OpenSea have reported being targeted by a new email phishing assault and receiving emails with malicious links from attackers posing as the marketplace.
According to social media sources, OpenSea users and developers have been targeted by multiple email phishing attempts, including a bogus developer account risk notice and a bogus NFT offer.
On Nov. 13, an OpenSea developer reported getting a phishing attempt at an email only focused on their OpenSea Application Programming Interface (API) key on X (previously Twitter). "In other words, dev contacts have been exfiltrated from OpenSea and are the real target in this campaign," said the blog post.
The social media claim followed OpenSea's insistence that the platform had not been hacked and urged users not to click on links they did not trust.
On November 14, another OpenSea user posted to Reddit to voice his confusion over the ongoing phishing campaign.
"I haven't used OpenSea in years, and all of recently, I'm getting emails about my NFT listings receiving offers," the poster explained, adding that all of the vulnerable links had been removed were attempting to direct the reader to install a malicious program.
"Right now, I'm getting 3-4 scam/phishing emails a day, which is crazy since I got zero just a few weeks ago," the Redditor commented, adding:
"So my question is, did something new happen to OpenSea?" They are attempting to hijack an email address I created just for OpenSea, therefore I am not concerned, despite the fact that OpenSea has already been hacked. Is it just now that they're contacting me, or is there a new one?"
The announcement comes just a few weeks after one of OpenSea's third-party vendors encountered a security problem that revealed information connected to user API keys. In late September 2023, OpenSea notified affected users of the breach in an email, noting that user emails and developer API keys may have been leaked as a result of the attack.
OpenSea users have previously received fraudulent emails. In February 2022, OpenSea officially announced that its platform had been subjected to a phishing attempt from outside the OpenSea website and advised users not to click on any links in the emails. The organization was also looking into rumors of an exploit involving OpenSea-related smart contracts.
This latest phishing campaign occurred just after OpenSea laid off 50% of its workers with the claimed intention of releasing OpenSea 2.0 with a smaller team.
This hack serves as a caution to the Bitcoin community to be wary of emails from service providers. To avoid a phishing attack, users should be wary of the validity of the email sender and any accompanying links. Users should also keep in mind that crypto companies never ask for personal information such as wallet addresses or private keys.
OpenSea users are advised to be extremely cautious when opening emails from the marketplace. If you are unsure whether an email is legitimate, you should not click on any links. Instead, you can go directly to the OpenSea website and log in to your account. You can also check the OpenSea Help Center for more information on how to stay safe from phishing attacks.