Opensea, a leading NFT marketplace has warned users to be wary of phishing emails. The NFT marketplace gave the warning in a tweet relayed via its verified handle on Thursday. As reported, the NFT marketplace said one of the employees of Customer.io misused the access provided by the platform to download and share its customers’ emails with an external unauthorized party.
According to Opensea, all users who had earlier relayed their respective email addresses to the exchange are impacted by this threat. Opensea says the security breach tends to expose its users to some fraudulent actors. Additionally, It believes malicious persons may begin to explore the leaked email details in reaching its customers with domains similar to Opensea.io, such as OpenSea.org or Opensea.xyz. The NFT marketplace, however, wants users to be very vigilant to avert becoming vulnerable. Subsequently, Opensea reiterates its commitment to working with Customer.io in thr ongoing investigation. As revealed, Opensea vowed to brief law enforcement agencies on the incident.
Meanwhile, the NFT marketplace recommended some tips for its users to adopt in the wake of potential threat posed by the leaking. Opeansea in its recommendation urged users not to sign any wallet transaction relayed to their mail. Furthermore, it urges them not to download any link attached to any suspected phishing mails. Opensea also wants them to keep their passwords private to avert vulnerability to the threat.
Exploitations in the NFT industry
Over time, the expanding NFT industry has been ravaged by series of exploitation. In March, Hubspot endured a security breach which grossly impacted BlockFi, Swan Bitcoin, NYDIG, and Circle. Findings say that the exploitation manifested after users’ names, phone numbers, and emails became leaked. In the same March, a security breach led to the siphoning of over 60 Ether (ETH) worth of NFTs from Arthur0x. The exploiter, as reported, sold the siphoned funds on OpenSea.
In April, Yuga Labs, the developer of the Bored Ape Yacht Club non-fungible tokens suffered the same fate. This, according to reports, resulted to the pilfering of simian NFTs, valued at about millions of dollars. Also, A research into the exploitation revealed how the hacker gained unauthorized access to the Instagram account of BAYC. According to the findings, the hacker used the account to relay a phishing post to users. Unfortunately, many unsuspecting users subscribed to the link attached to the post. This thus connected their crypto wallets to the “smart contract” of the hacker. In addition, Yuga says the development led to the loss of about four Bored Apes and NFTs estimated at $3m.