OpenSea, one of the most popular NFT marketplaces, has warned its users. Indeed, potentially 1.8 million of them may have received a phishing email. This risk follows a breach of the web giant’s messaging system3. OpenSea, valued at nearly $13 billion in January 2022, is a must-have in the NFT universe.
The violation of the email addresses of OpenSea users would have an internal origin to one of its partners
It would be a staff member of Customer.io , an email provider under contract with OpenSea, which allegedly abused its employees’ access to download and share the email addresses of OpenSea users. In addition to simple users, he also had access to newsletter subscribers. He would have communicated them to an unauthorized third person.
OpenSea works in partnership with Costumer.io to investigate this incident
The scale of the security breach seems massive. The company said: ” If you have shared your email with OpenSea in the past, you should assume that you have been affected ». She added that she was working with Customer.io in an ongoing investigation and had reported the incident to law enforcement.
1.8 million users potentially affected
More than 1.8 million users have made at least one purchase through the Ethereum network on OpenSea, according to the data collected by Dune Analytics, an open source crypto analysis platform. « We believe that this resulted from the actions of an employee who had specific access privileges “, said a spokesman for Customer.io .” We do not believe that other customers’ data has been compromised, but we are continuing to investigate. The employee in question has been denied all access and has been suspended pending the conclusion of our investigation “hastened to add the email provider.
The Web3, a privileged target of cyberattacks
Crypto startups have become a target for cyber attacks as the industry sees explosive growth and large inflows of money. Decentralized blockchain-based networks promise to offer better security, but today average users are turning to centralized services like OpenSea. This type of provider has many advantages, but also constitutes a higher risk in terms of the security of information and cryptocurrency assets. There is no shortage of examples of cyberattacks in the world of the Web3 and we can cite for example the data breach at HubSpot, a customer relationship management software company. This kind of violation has led to phishing risks for Trezor users.
Other blockchain companies like OpenSea are potential targets
Fractal, an NFT platform launched by Twitch co-founder Justin Kan, had an eventful debut in December after a scammer hacked the ad bot to pocket $150,000. One of the biggest crypto heists to date was the theft of $625 million from Ronin, a blockchain network connected to the Axie Infinity play-to-win.
Security on the Web3 still remains unstable. This is the reason why it is the sector that probably has the most future in the blockchain universe. Theoretically, the decentralized nature of the blockchain and the Web3 should allow for better security. However, many platforms, wallets, etc, remain exposed due to their much more centralized aspect. In addition, hackers always find loopholes, and the loot is juicy. Blockchain-based services represent astronomical amounts of money.
Receive a digest of the news in the world of cryptocurrencies by subscribing to our new daily and weekly newsletter service so you don’t miss anything essential Cointribune!
Student passionate about entrepreneurship and fascinated by the technologies behind cryptos! Yes, I am convinced that the two are intimately linked: blockchain and NFTs are revolutionizing many sectors and present unprecedented opportunities.