Customers of the most important nonfungible token (NFT) market OpenSea have stated they’re being focused with a brand new electronic mail phishing assault and have obtained emails containing malicious hyperlinks from attackers posing as {the marketplace}.
Based on social media experiences, OpenSea customers and builders have been focused by varied electronic mail phishing campaigns, together with a pretend developer account danger alert and a pretend NFT provide.
One OpenSea developer took to X (previously Twitter) on Nov. 13 to report receiving a phishing try at an electronic mail strictly devoted to their OpenSea Software Programming Interface (API) key. “In different phrases, dev contacts have been exfiltrated from OpenSea and are the actual goal on this marketing campaign,” the put up learn.
The social media report got here in response to OpenSea’s insistence that the platform has not been hacked and urging customers to not click on on hyperlinks they don’t belief.
Appropriate- there isn’t a sensible contract vuln. However sadly for @opensea I simply obtained a phishing try, to an electronic mail that was strictly devoted to my OpenSea API key. In different phrases, dev contacts have been exfiltrated from OpenSea and are the actual goal on this marketing campaign https://t.co/GD4UgwWIrx pic.twitter.com/rtyUJBMlwl
— Amount (@amount) November 13, 2023
One other OpenSea consumer took to Reddit to precise confusion in regards to the ongoing phishing marketing campaign on Nov. 14.
“Haven’t used OpenSea for years and impulsively, I hold getting emails speaking about my NFT listings getting provides,” the poster wrote, including that every one the susceptible hyperlinks had been making an attempt to direct the reader to put in a malicious app.
“Proper now I’m getting 3-4 rip-off/phishing emails a day which is loopy since I obtained zero just some weeks in the past,” the Redditor wrote, including:
“So my query is did one thing new occur to OpenSea. The e-mail tackle of mine they’re hitting is one I created particularly for OpenSea so not involved however I do know OpenSea had hacks beforehand. Are they simply now hitting up my electronic mail or is there a brand new one?”
The information comes a number of weeks after considered one of OpenSea’s third-party distributors skilled a safety incident that uncovered info associated to consumer API keys. OpenSea reported the breach in a notification electronic mail to affected customers in late September 2023, stating that consumer emails and developer API keys might have been leaked because of the assault.
Select your third social gathering properly…
Opensea posted {that a} vendor was attacked, ensuing within the leak of builders’ API keys!
Get recommendation from an expert safety marketing consultant in regards to the security of the third social gathering earlier than selecting. E.g. @SlowMist_Team pic.twitter.com/jcBJ9IaAEN
— 23pds (@IM_23pds) September 23, 2023
OpenSea customers have obtained phishing emails beforehand. In February 2022, OpenSea formally confirmed that its platform confronted a phishing assault from outdoors the OpenSea website and urged customers to avoid clicking on any hyperlinks within the emails. The agency was additionally investigating rumors of an exploit related to OpenSea-related sensible contracts.
Associated: Chinese language hackers use pretend Skype app to focus on crypto customers in new phishing rip-off
OpenSea didn’t instantly reply to Cointelegraph’s request for remark.
This newest phishing marketing campaign is going on simply after OpenSea laid off 50% of its employees, with the acknowledged intention of launching OpenSea 2.0 with a smaller crew.
This assault is one more reminder for the cryptocurrency neighborhood to remain vigilant when receiving emails from service suppliers. To keep away from a phishing hack, customers must be cautious of the e-mail sender’s authenticity and the related hyperlinks. Customers must also do not forget that crypto companies by no means ask their customers for private knowledge like pockets addresses or non-public keys.
Journal: How one can defend your crypto in a risky market — Bitcoin OGs and specialists weigh in