NFT marketplace OpenSea suffered a data breach because a worker at its email delivery partner lost user information. According to a blog post published late on 29 June, OpenSea claimed that an employee of Customer.io “misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party.”
So, what happened?
According to the blog post, the information that was exposed included email addresses. Soon after, OpenSea advised users that this could lead to “a heightened possibility for email phishing attempts.”
Customers should presume they have been affected by the news if they have previously provided their email address to OpenSea, according to the company. In the blog post, OpenSea also stated that the issue has been reported to law authorities and the business is helping Customer.io with its internal investigation.
Any consumer who has given the marketplace their email address—whether for the platform or its newsletter—is probably affected by the incident. Following the episode, OpenSea issued a warning to customers about potential phishing attacks.
Just the latest for OpenSea this year
The most recent data breach is far from the first attack OpenSea and its clients have faced this year. The popular NFT marketplace’s Discord server was breached in May, and phishing attempts poured in. In the hack, several user wallets were stolen.
One of the worst attacks the exchange has ever seen occurred in January when an exploit allowed hackers to sell NFTs without the owners’ consent. Although the marketplace returned around $1.8 million to its clients, it was unclear how much of an overall impact the attack had.
Despite the marketplace recently improving its security measures to prevent fraud, there was another recent data breach too. In fact, users of OpenSea are still losing their pieces to hackers, according to new data.
Crypto-community in crisis due to more scams
Less than a week before the OpenSea compromise, the DeFi protocol Harmony was the victim of another prominent cryptocurrency heist. During the same, roughly $100 million was lost. The notorious North Korean hacker outfit Lazarus may have been responsible for this attack.
The organization is also responsible for several other crypto-related hacks, most notably the Axie Infinity hack in April. It resulted in the theft of tokens valued at over $600 million.