OpenSea NFT users have reported a large email phishing campaign
Users of OpenSea, a major non-vulnerable token (NFT) marketplace, have reported being targeted by a new email phishing attack and receiving emails containing malicious links from attackers impersonating the marketplace.
According to social media reports, OpenSea users and developers have been targeted by various email phishing campaigns, including fake developer account threat alerts and fake NFT offers.
An OpenSea developer took to X (formerly Twitter) on November 13th to receive a phishing attempt on an email provided for an OpenSea Application Programming Interface (API) key. “In other words, Dave's contacts were exposed from OpenSea and are a real target in this campaign,” the post read.
The social media report comes in response to claims that Opensea's platform has not been hacked and warns users not to click on links they don't trust.
Correct – no smart contract nonsense. But unfortunately for @opensea I've just received a phishing attempt, an email strictly for my OpenSea API key. In other words, Dave's contacts were exposed from OpenSea and are a real target in this campaign pic.twitter.com/rtyUJBMlwl
— Quantity (@quantity) November 13, 2023
Another OpenSea user took to Reddit to express confusion about the ongoing phishing campaign on November 14th.
“I haven't used OpenSea in years and all of a sudden, I keep getting emails talking about offers for my NFT listings,” the poster wrote, adding that all the vulnerable links were trying to direct the reader to install a malicious app.
“I'm now getting 3-4 scam/phishing emails a day, which is crazy since I got zero a few weeks ago,” the Redditor wrote.
“So my question is, is something new happening on OpenSea. My email address they are hitting is one I created specifically for OpenSea so no worries, but I know OpenSea has had hacks before. Are they hitting my email now or is there a new one?”
The news comes a few weeks after one of OpenSea's third-party vendors suffered a security breach that exposed information related to user API keys. OpenSea reported the breach to affected users in a notification email in late September 2023, stating that user emails and developer API keys may have been leaked.
Choose your third party carefully…Opensea has disclosed that a vendor was hacked, which led to the leak of API keys for developers!Get advice from a professional security consultant about third party security before choosing. For example @SlowMist_Team pic.twitter.com/jcBJ9IaAEN
— 23pds (@IM_23pds) September 23, 2023
OpenSea users have received phishing emails in the past. In the year In February 2022, OpenSea reported that its platform experienced a phishing attack outside the OpenSea website and urged users to avoid clicking on any links in the emails. The firm was also investigating rumors of exploits linked to OpenSea-related smart contracts.
Related: Chinese Hackers Use Fake Skype App to Target Crypto Users in New Phishing Scam
OpenSea did not immediately respond to Cointelegraph's request for comment.
This latest phishing campaign comes after OpenSea laid off 50% of its staff, with the stated aim of launching OpenSea 2.0 with a smaller team.
This attack is another reminder to the cryptocurrency community to be vigilant when receiving emails from service providers. To avoid phishing attacks, users should be careful about the authenticity of the email sender and associated links. Users should remember that crypto companies never ask their users for personal information such as wallet addresses or private keys.
Magazine: How to protect your crypto in a volatile market — Bitcoin OGs and experts weigh in.