OpenSea, the most significant non-fungible token (NFT) marketplace, revealed a data breach; it warned users of phishing attacks.
The NFT marketplace says more than 600,000 users use the platform, and the transaction value exceeds $20 billion.
The company’s Head of Security, Cory Hardman, stated that an employee of Customer.io, the platform’s email delivery vendor, downloaded the email addresses of OpenSea users and newsletter subscribers.
Hardman suggested the affected users keep a watch on phishing attempts replicating OpenSea as the stolen emails were shared with an unauthorised external party.
“If you have shared your email with OpenSea in the past, you should assume you were impacted. We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement,” Hardman said.
“Because the data compromise included email addresses, there may be a heightened likelihood for email phishing attempts.”
Users must stay alert for emails sent from domains that malicious actors could use to trick—impersonated domains.
Examples of domains that could be utilized in phishing attacks targeting OpenSea users include opensea.org, opensea.xyz, and opeansae.io.
Hardman also shared a set of safety measures that would help protect the users from phishing attempts; He advised users to be suspicious of any emails duplicating OpenSea, not to download and open email attachments, and to scan the URLs of pages linked in OpenSea emails.
Users are also urged never to share or confirm their passwords or secret wallet phrases and never to sign wallet transactions if prompted directly via email.
“We wanted to share the information we have at this time, and let you know that we’ve reported the incident to law enforcement and are cooperating in their investigation,” Hardman added.