OpenSea NFT Marketplace Suffers Email Address Data Breach
Share this article
OpenSea warned of potential phishing attacks in an announcement of the data breach.
OpenSea Email Database Leaked
Someone has leaked OpenSea’s email database.
The top NFT marketplace published a blog post early Thursday warning its community that an employee of its email vendor, Customer.io, had shared a list of email addresses of its users and newsletter subscribers with “an unauthorized external party.”
The post explained that a Customer.io employee had misused their position to gain access to the list and share it with an unnamed third party. OpenSea warned users to be wary of potential phishing attacks following the breach, saying “there may be a heightened likelihood for email phishing attempts.” It also warned users against sharing cryptocurrency wallet passwords and signing transactions posted via email links. Though OpenSea did not confirm whether the breach included cryptocurrency wallet data, it said anyone who has shared an email address with the company “should assume [they] were impacted.”
OpenSea has also said that it is looking into the incident with Customer.io. “We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement,” the post read.
Today’s breach is the latest in a string of troubling incidents affecting OpenSea users. While the leading NFT marketplace has so far only confirmed a data leak rather than a full-scale attack, it’s suffered from phishing attacks and other issues in the past. Last month, an attacker hacked the OpenSea Discord server and directed users to mint fake “YouTube Genesis Mint Passes.” In February, a bad actor stole about $3 million worth of NFTs from OpenSea users by tricking them into signing a malicious transaction sent via an email link. The marketplace has also faced scrutiny over listing bug issues in the past.
OpenSea is the world’s largest NFT marketplace. According to data from Token Terminal, it handled over $483 million in transaction volume in June 2022.
Disclosure: At the time of writing, the author of this piece owned ETH, some NFTs, and several other cryptocurrencies.