OpenSea: User email addresses leaked

The NFT marketplace OpenSea had to admit a hack on Wednesday. This came from an unexpected direction.

The OpenSea hack came from a Customer.io employee who abused his access rights and skimmed the email addresses of all customers and newsletter subscribers. If a user has ever shared their email address with OpenSea, they are almost certainly affected, according to the announcement. OpenSea says it is cooperating closely with Customer.io and has already reported the leak to the authorities.

OpenSea expressly warns against phishing mails

The obvious problem with leaked email address databases is that they lead to phishing emails, which OpenSea expressly warns about. In particular, the company points out possible imitations of its domain. Only the opensea.io domain is the correct one! The NFT marketplace also sends emails exclusively from the opensea.io domain. URLs in the emails appear only in the form email.opensea.io. A popular trick among crooks is to use transposed letters in the domain. Another is to use letter combinations that read as a different letter, for example rn -> m. Spelling is also a good starting point: is the domain name missing a letter, or does one letter look like another, like I and l?
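The domain checks described above, written as a small Python classifier for sender addresses and link hosts. This is an added example, not code from OpenSea or from the article; the confusable pairs beyond rn -> m and I/l, the one-edit threshold and all sample hosts are assumptions, and it handles ASCII host names only.

```python
from urllib.parse import urlsplit

LEGIT = "opensea.io"  # the only legitimate domain, per the article
# Look-alike rewrites: rn -> m and I/l are from the article; the rest are assumptions.
CONFUSABLE = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l")]

def host_of(value):
    """Return the lowercase host of a URL, an email address, or a bare host name."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].strip().rstrip(".").lower()

def skeleton(label):
    """Collapse visually confusable sequences so look-alike labels compare equal."""
    for seen, read_as in CONFUSABLE:
        label = label.replace(seen, read_as)
    return label

def osa_distance(a, b):
    """Edit distance with insert, delete, substitute and adjacent-letter swap."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(value, legit=LEGIT):
    """Return 'legit', 'lookalike' or 'unrelated' for a sender address, URL or host."""
    host = host_of(value)
    if host == legit or host.endswith("." + legit):
        return "legit"  # exact domain or a true subdomain such as email.opensea.io
    brand = skeleton(legit.split(".")[0])
    for label in host.split("."):
        s = skeleton(label)
        # Brand embedded in a foreign label, or within one edit (typo, swap, missing letter).
        if brand in s or osa_distance(s, brand) <= 1:
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample hosts for illustration only.
    for sample in ["noreply@opensea.io", "https://email.opensea.io/c/1",
                   "opensae.io", "opnsea.io", "0pensea.io", "notopensea.io"]:
        print(f"{sample:32} {classify(sample)}")
```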

It is very important never to pass on your recovery phrase or passwords: NO provider will ever require that. Finally, OpenSea advises never signing a wallet transaction, as its emails do not contain any transaction requests. In response to the leak, the company yesterday sent emails to users it believed might be affected. The exact number of users is not known, but figures of around 1.8 million active users are assumed.

Last leak was in February

It was not long ago that OpenSea's last leak made the news. Back then, hundreds of NFTs were stolen; the damage was around 1.7 million US dollars. In a phishing attack, the attacker was able to take a total of 254 tokens from 32 accounts, as shown in a spreadsheet from PeckShield, a blockchain security service provider. In total, the perpetrator looted 641 ETH, which was worth approximately $1.7 million at the time. Just a few months earlier, Check Point researchers found a critical vulnerability that crooks may have exploited.

Tarnkappe.info
