Users of the prominent nonfungible token (NFT) marketplace OpenSea are reporting a surge in email phishing attacks, with individuals receiving malicious emails containing harmful links from attackers posing as the platform. Social media platforms are abuzz with reports of various phishing campaigns, including fake developer account risk alerts and counterfeit NFT offers targeting OpenSea users and developers.
One OpenSea developer took to X (formerly Twitter) on November 13, revealing a phishing attempt sent to an email exclusively dedicated to their OpenSea Application Programming Interface (API) key. The developer emphasized that developer contacts seem to be the primary focus of this campaign, suggesting that information may have been exfiltrated from OpenSea.
Despite OpenSea’s assurances that the platform has not been hacked, users are advised to exercise caution and avoid clicking on untrusted links. Reports on social media and platforms like Reddit indicate confusion and concern among OpenSea users facing phishing attempts related to NFT listings and offers.
This surge in phishing incidents follows a security breach involving one of OpenSea’s third-party vendors a few weeks ago, exposing information linked to user API keys. While the breach was reported in late September 2023, concerns regarding user emails and developer API keys being leaked persist.
OpenSea, which recently laid off 50% of its staff with plans to launch OpenSea 2.0, did not immediately respond to inquiries from Cointelegraph.
This latest phishing campaign underscores the need for heightened vigilance within the cryptocurrency community. Users are reminded to verify the authenticity of email senders and exercise caution with associated links. It is crucial to recognize that legitimate crypto firms never request sensitive information such as wallet addresses or private keys via email.
As OpenSea navigates security challenges, users are encouraged to stay informed and adopt security best practices to safeguard their digital assets.