OpenSea, the popular NFT marketplace that hit a colossal $13 billion valuation in January, is warning users of email phishing after a data breach.
A staff at Customer.io, an email vendor, contracted by OpenSea, misused their employee access to download and share email addresses of OpenSea’s users and newsletter subscribers with an unauthorized external party, the world’s largest NFT marketplace said Wednesday night.
The scale of the security breach appears massive. “If you have shared your email with OpenSea in the past, you should assume you were impacted,” the company said, adding that it’s working with Customer.io in an ongoing investigation and has reported the incident to law enforcement.
According to data collected by Dune Analytics, an open-source crypto analytics platform, more than 1.8 million users have made at least one purchase through the Ethereum network on OpenSea.
We have reached out to OpenSea for more information.
Crypto startups have emerged as a target for cyberattacks as the industry sees explosive growth and money pouring in. Blockchain-based, decentralized networks promise better security, but the average users today lean towards centralized services like OpenSea for their convenience.
Another example is the data breach at HubSpot, a customer relations management software company, in March, which led to breaches at BlockFi, Circle, and others. Fractal, an NFT platform started by Twitch co-founder Justin Kan, had a rocky debut in December after a scammer hacked the announcement bot to pocket $150,000.
One of the biggest crypto heists to date has been the $625 million theft from Ronin, a blockchain network connected to the play-to-earn game Axie Infinity.
Growing at a breakneck rate, these platforms are subject to similar if not greater security risks as the established web services that use centralized cloud services — rather than distributed ledger technologies like blockchain which is believed to be better at preventing cyberattacks.