OpenSea users have reportedly been targeted with a wide email phishing campaign, including a fake developer API risk alert and a fake NFT offer.
Users of the large nonfungible token (NFT) marketplace OpenSea have said they are being targeted with a new email phishing attack, and have received emails containing malicious links from attackers posing as the marketplace itself.
According to social media reports, OpenSea users and developers have been targeted by various email phishing campaigns, including a fake developer account risk alert and a fake NFT offer.
One OpenSea developer took to X (formerly Twitter) on Nov. 13 to report receiving a phishing attempt to an email strictly dedicated to their OpenSea Application Programming Interface (API) key. “In other words, dev contacts have been exfiltrated from OpenSea and are the actual targets in this campaign,” the poster said.
The social media report came in response to OpenSea's insistence that the platform has not been hacked and urging users not to click on links they don’t trust.
Correct- there is no smart contract vuln. But unfortunately for @opensea I just received a phishing attempt, to an email that was strictly dedicated to my OpenSea API key. In other words, dev contacts have been exfiltrated from OpenSea and are the actual targets in this campaign https://t.co/GD4UgwWIrx pic.twitter.com/rtyUJBMlwl
— Quantity (@quantity) November 13, 2023
Another OpenSea user took to Reddit to express confusion about the ongoing phishing campaign on Nov. 14.
“Haven't used OpenSea for years and all of a sudden, I keep getting emails talking about my NFT listings getting offers,” the poster wrote, adding that all the suspicious links were trying to direct the reader to install a malicious app.
“Right now I'm getting 3-4 scam/phishing emails a day which is crazy since I got zero just a few weeks ago,” the Redditor wrote, adding:
“So my question is did something new happen to OpenSea. The email address of mine they are hitting is one I created specifically for OpenSea so not afraid but I know OpenSea had hacks previously. Are they just now hitting up my email or is there a new one?”
The news comes a few weeks after one of OpenSea’s third-party vendors experienced a security incident that exposed information related to user API keys. OpenSea reported the breach in a notification email to affected users in late September 2023, stating that user emails and developer API keys may have been leaked due to the attack.
Choose your third party well…
Opensea posted that a vendor was attacked, resulting in the leak of developers' API keys!
Get advice from a professional security advisor about the security of the third party before choosing. E.g. @SlowMist_Team pic.twitter.com/jcBJ9IaAEN
OpenSea users have received phishing emails previously. In February 2022, OpenSea officially confirmed that its platform faced a phishing attack from outside the OpenSea website and urged users to stay away from clicking on any links in the emails. The firm was also investigating rumors of an exploit associated with OpenSea-related smart contracts.
OpenSea did not immediately respond to Cointelegraph’s request for comment.
This latest phishing campaign is happening just after OpenSea laid off 50% of its staff, with the stated intention of launching OpenSea 2.0 with a smaller team.
This attack is yet another reminder for the cryptocurrency community to stay vigilant when receiving emails from service providers. To avoid a phishing hack, users should be cautious of the email sender’s authenticity and the associated links. Users should also remember that crypto firms never ask their users for personal information like wallet addresses or private keys.