header banner
Default

Large-scale email phishing campaign is reported by OpenSea NFT users


Table of Contents

    OpenSea users have reportedly been targeted with a widespread email phishing campaign, including a fake developer API risk alert and a fake NFT offer.

    3552 Total views

    21 Total shares

    OpenSea NFT users report massive email phishing campaign

    Users of the major nonfungible token (NFT) marketplace OpenSea have said they are being targeted with a new email phishing attack and have received emails containing malicious links from attackers posing as the marketplace.

    According to social media reports, OpenSea users and developers have been targeted by various email phishing campaigns, including a fake developer account risk alert and a fake NFT offer.

    One OpenSea developer took to X (formerly Twitter) on Nov. 13 to report receiving a phishing attempt at an email strictly dedicated to their OpenSea Application Programming Interface (API) key. “In other words, dev contacts have been exfiltrated from OpenSea and are the real target in this campaign,” the post read.

    The social media report came in response to OpenSea’s insistence that the platform has not been hacked and urging users not to click on links they don’t trust.

    Correct- there is no smart contract vuln. But unfortunately for @opensea I just received a phishing attempt, to an email that was strictly dedicated to my OpenSea API key. In other words, dev contacts have been exfiltrated from OpenSea and are the real target in this campaign https://t.co/GD4UgwWIrx pic.twitter.com/rtyUJBMlwl

    — Quantity (@quantity) November 13, 2023

    Another OpenSea user took to Reddit to express confusion about the ongoing phishing campaign on Nov. 14.

    “Haven’t used OpenSea for years and all of a sudden, I keep getting emails talking about my NFT listings getting offers,” the poster wrote, adding that all the vulnerable links were trying to direct the reader to install a malicious app.

    “Right now I’m getting 3-4 scam/phishing emails a day which is crazy since I got zero just a few weeks ago,” the Redditor wrote, adding:

    “So my question is did something new happen to OpenSea. The email address of mine they are hitting is one I created specifically for OpenSea so not concerned but I know OpenSea had hacks previously. Are they just now hitting up my email or is there a new one?”

    The news comes a few weeks after one of OpenSea’s third-party vendors experienced a security incident that exposed information related to user API keys. OpenSea reported the breach in a notification email to affected users in late September 2023, stating that user emails and developer API keys may have been leaked due to the attack.

    Choose your third party well…
    Opensea posted that a vendor was attacked, resulting in the leak of developers' API keys!
    Get advice from a professional security consultant about the safety of the third party before choosing. E.g. @SlowMist_Team pic.twitter.com/jcBJ9IaAEN

    — 23pds (@IM_23pds) September 23, 2023

    OpenSea users have received phishing emails previously. In February 2022, OpenSea officially confirmed that its platform faced a phishing attack from outside the OpenSea website and urged users to stay away from clicking on any links in the emails. The firm was also investigating rumors of an exploit associated with OpenSea-related smart contracts.

    Related: Chinese hackers use fake Skype app to target crypto users in new phishing scam

    OpenSea did not immediately respond to Cointelegraph’s request for comment.

    This latest phishing campaign is happening just after OpenSea laid off 50% of its staff, with the stated intention of launching OpenSea 2.0 with a smaller team.

    This attack is yet another reminder for the cryptocurrency community to stay vigilant when receiving emails from service providers. To avoid a phishing hack, users should be cautious of the email sender’s authenticity and the associated links. Users should also remember that crypto firms never ask their users for personal data like wallet addresses or private keys.

    Magazine: How to protect your crypto in a volatile market — Bitcoin OGs and experts weigh in

    Sources


    Article information

    Author: Alan Castillo

    Last Updated: 1702792803

    Views: 990

    Rating: 4.3 / 5 (116 voted)

    Reviews: 88% of readers found this page helpful

    Author information

    Name: Alan Castillo

    Birthday: 1954-10-15

    Address: 86548 Reeves Underpass, Stewartton, VT 61704

    Phone: +4334139397309401

    Job: Surveyor

    Hobby: Yoga, Beer Brewing, Fishing, Bird Watching, Astronomy, Skiing, Sailing

    Introduction: My name is Alan Castillo, I am a expert, Open, variegated, tenacious, unyielding, unswerving, welcoming person who loves writing and wants to share my knowledge and understanding with you.