Skip to main content

On Thursday, the world’s largest NFT marketplace, OpenSea, announced that it was the victim of a security breach, after a employee of email delivery vendor Customer.io downloaded and shared email addresses of OpenSea users with an unauthorized account.

“If you have shared your email with OpenSea in the past, you should assume you were impacted,” the company said.

OpenSea said that users should anticipate phishing scams.

“Please be aware that malicious actors may try to contact you using an email address that looks visually similar to our official email domain, ‘opensea.io’ (such as ‘opensea.org’ or some other variation),” the company said.

Scroll to Continue

Recommended for You

OpenSea outlined measures users could take to minimize risks and avoid becoming victims of phishing attacks, including (1) exercising caution with emails attempting to impersonate OpenSea or its email addresses, (2) avoiding downloading anything received in an OpenSea email, (3) avoiding giving passwords or secret wallet phrases, and (4) avoiding signing wallet transactions from emailed links or prompts.

This comes on the heels of other high-profile data and security breaches. In May, OpenSea was a victim of a phishing attempt on its Discord server, and in January, hackers were able to exploit OpenSea’s platform to purchase non-fungible tokens below their market price. The disaster led the company to refund approximately $1.8 million to users impacted by the attack.