Users of the foremost nonfungible token (NFT) market OpenSea have mentioned they’re being focused with a brand new email phishing assault and have acquired emails containing malicious hyperlinks from attackers posing as {the marketplace}.
According to social media reviews, OpenSea users and builders have been focused by numerous email phishing campaigns, together with a pretend developer account danger alert and a pretend NFT supply.
One OpenSea developer took to X (previously Twitter) on Nov. 13 to report receiving a phishing try at an email strictly devoted to their OpenSea Application Programming Interface (API) key. “In other words, dev contacts have been exfiltrated from OpenSea and are the real target in this campaign,” the submit learn.
The social media report got here in response to OpenSea’s insistence that the platform has not been hacked and urging users to not click on on hyperlinks they don’t belief.
Correct- there is no such thing as a sensible contract vuln. But sadly for @opensea I simply acquired a phishing try, to an email that was strictly devoted to my OpenSea API key. In different phrases, dev contacts have been exfiltrated from OpenSea and are the actual goal on this campaign https://t.co/GD4UgwWIrx pic.twitter.com/rtyUJBMlwl
— Quantity (@amount) November 13, 2023
Another OpenSea person took to Reddit to express confusion in regards to the ongoing phishing campaign on Nov. 14.
“Haven’t used OpenSea for years and all of a sudden, I keep getting emails talking about my NFT listings getting offers,” the poster wrote, including that every one the weak hyperlinks had been making an attempt to direct the reader to put in a malicious app.
“Right now I’m getting 3-4 scam/phishing emails a day which is crazy since I got zero just a few weeks ago,” the Redditor wrote, including:
“So my question is did something new happen to OpenSea. The email address of mine they are hitting is one I created specifically for OpenSea so not concerned but I know OpenSea had hacks previously. Are they just now hitting up my email or is there a new one?”
The information comes just a few weeks after one in every of OpenSea’s third-party distributors skilled a safety incident that uncovered info associated to person API keys. OpenSea reported the breach in a notification email to affected users in late September 2023, stating that person emails and developer API keys might have been leaked as a result of assault.
Choose your third celebration properly…
Opensea posted {that a} vendor was attacked, ensuing within the leak of builders’ API keys!
Get recommendation from knowledgeable safety guide in regards to the security of the third celebration earlier than selecting. E.g. @SlowMist_Team pic.twitter.com/jcBJ9IaAEN— 23pds (@IM_23pds) September 23, 2023
OpenSea users have acquired phishing emails beforehand. In February 2022, OpenSea formally confirmed that its platform confronted a phishing assault from outdoors the OpenSea web site and urged users to steer clear of clicking on any hyperlinks within the emails. The agency was additionally investigating rumors of an exploit associated with OpenSea-related smart contracts.
Related: Chinese hackers use fake Skype app to target crypto users in new phishing scam
OpenSea didn’t instantly reply to Cointelegraph’s request for remark.
This newest phishing campaign is occurring simply after OpenSea laid off 50% of its staff, with the said intention of launching OpenSea 2.0 with a smaller staff.
This assault is one more reminder for the cryptocurrency group to remain vigilant when receiving emails from service suppliers. To avoid a phishing hack, users must be cautious of the email sender’s authenticity and the related hyperlinks. Users must also do not forget that crypto corporations by no means ask their users for private knowledge like pockets addresses or non-public keys.
Magazine: How to protect your crypto in a volatile market — Bitcoin OGs and experts weigh in
