Users of the major nonfungible token (NFT) marketplace OpenSea have reported being targeted with a new email phishing attack. They have received emails containing malicious links from attackers posing as the marketplace.
Social media reports indicate that OpenSea users and developers have been targeted by various email phishing campaigns, including fake developer account risk alerts and fake NFT offers.
One OpenSea developer reported receiving a phishing attempt at an email address used strictly for their OpenSea Application Programming Interface (API) key. The developer asserted that dev contacts have been exfiltrated from OpenSea and are the real target in this campaign.
In response to OpenSea’s denial of being hacked, a user said on social media that they had received phishing attempts at an email address dedicated to their OpenSea API key.
On Reddit, another OpenSea user expressed confusion about the ongoing phishing campaign, reporting that they were receiving multiple scam/phishing emails a day.
The news of the phishing campaign comes after one of OpenSea’s third-party vendors experienced a security incident that exposed information related to user API keys. OpenSea reported the breach in a notification email to affected users in late September 2023.
In February 2022, OpenSea confirmed that its platform faced a phishing attack and urged users to avoid clicking on any links in the emails.
OpenSea did not immediately respond to Cointelegraph’s request for comment regarding the latest phishing campaign.
Users are reminded to stay vigilant when receiving emails from service providers to avoid phishing attacks. They should be cautious about the authenticity of the email sender and of any associated links, and remember that crypto firms never ask their users for personal data like wallet addresses or private keys.