Users on OpenSea NFT Platform Encounter Extensive Email Phishing Campaign, Reports Suggest

OpenSea users have reported becoming the target of a new email phishing scam in which the attackers send malicious links while pretending to be the marketplace. OpenSea customers and developers have been the target of numerous phishing attacks, such as a phony non-fungible tokens offer and a bogus developer account risk notice.

History of Phishing Attacks on OpenSea: Past Incidents and Responses

On November 13, an OpenSea developer revealed on X (previously Twitter) that they had been the target of a phishing attempt through an email that was addressed to them directly and contained their OpenSea Application Programming Interface (API) key. The statement stated, “In other words, dev contacts have been exfiltrated from OpenSea and are the real target in this campaign.”

OpenSea emphasized on social media that users should not click on unsafe links, despite worries that the platform has been hijacked.

In response to the rapidly worsening circumstances, on November 14, another OpenSea user posted on Reddit expressing confusion about the ongoing phishing campaign.

The poster stated that after years of not using OpenSea, they all of a sudden began to receive emails regarding offers on their non-fungible tokens listings. They also said that every link that was deemed vulnerable tried to trick the reader into downloading a malicious application.

The Redditor revealed that, in contrast to the 0 they received a few weeks ago, they are now receiving 3–4 scam/phishing emails every day. They questioned whether anything new had happened to OpenSea. 

The latest news comes after a security compromise that occurred a few weeks ago at one of OpenSea’s third-party vendors, revealing data related to user API keys. In an email sent to impacted Opensea users in late September 2023, OpenSea disclosed that user emails and developer API keys may have been compromised in the attack.

Notably, OpenSea users have previously been targeted by phishing emails. OpenSea publicly recognized a phishing assault on its platform in February 2022 that originated outside of the OpenSea website. As a result, users were strongly urged not to click on any links contained in the emails. Furthermore, the company was looking into allegations about an exploit linked to OpenSea-related smart contracts.

This current phishing campaign coincides with OpenSea’s decision to cut 50% of its workers as part of its aim to launch OpenSea 2.0 with a smaller crew.

Takeaways

This event serves as a timely reminder to the cryptocurrency community to be cautious of communications from service providers. In order to prevent yourself from falling victim to phishing attacks, it is essential to check the validity of the email sender and examine associated links. It’s essential for users to remember that respectable cryptocurrency companies never ask for personal information like wallet addresses or private keys from their customers.

Share this article

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top