- One of OpenSea’s contractors’ employees leaked customer emails to another party.
- The employee got access because he works with the firm that manages OpenSea’s email newsletters.
Leading NFT marketplace, OpenSea, has warned its customers to be careful not to fall for phishing scams. The warning notice became necessary when OpenSea discovered an email data breach from a staff of Customer.io. Customer.io is the platform that manages email newsletters and campaigns for OpenSea.
The staff was alleged to have leaked emails of OpenSea’s users to a third party. Recently, crypto firms have reported cases of an email data breach. Hence, it is now necessary for crypto firms to be wary of the Customer Relationship Management (CRM) software that they use.
Earlier in the year, a hack of another CRM software, Hubspot, caused an email data breach of Circle, NYDIG, BlockFi, and Swan Bitcoin customers. Apart from emails, other user data released to an outside party following the hack include names and phone numbers.
OpenSea warned its customers to be wary of clicking links from similar OpenSea.io domains like opensae.io, OpenSea.xyz, or OpenSea.org. OpenSea’s Twitter customers have started tweeting that they have started receiving lots of spam calls, emails, and text messages.
Protection for OpenSea’s customers
Nevertheless, OpenSea has shared some guidelines for its users to protect themselves. OpenSea states that it won’t ask its users to download any attachments. Also, users must ensure that any email hyperlink is linked to ’email.OpenSea.io’ website.
Again, customers must ensure that the URL for the domain is accurate. OpenSea’s correct URL is OpenSea.io. Any other URL is fake. In addition, OpenSea warns that it would never request customers to share or confirm their secret wallet phrases or passwords via email.
Furthermore, no OpenSea email will ask users to sign a wallet transaction. Also, no customer should sign a wallet transaction whose origin is not https://OpenSea.io. OpenSea is sharing this information as it places huge importance on the trust and safety of its customers.
The NFT marketplace also states that it has informed law enforcement authorities about the incident. Hence, an investigation should start soon. Customer.io has agreed to cooperate with OpenSea and the law enforcement authorities to resolve the matter. Meanwhile, OpenSea requests that customers report any phishing message to its customer support center.
Not the first time
Besides this data breach, the leading NFT marketplace has recently experienced various phishing attack incidents. Last month, a hacker tapped OpenSea’s discord server, directing customers to mint fake “youtube genesis NFTs.”
In February, another hacker sent a phishing email link to OpenSea users. He tricked them into signing a transaction. The attacker made away with $3 million worth of NFTs. Previously, many cybersecurity experts have criticized OpenSea for its listing bug problems. Recent data by token terminal confirms OpenSea to remain the biggest NFT marketplace. Its NFT trading volume for this month is more than $483 million and the month isn’t over yet.