OpenSea, the largest NFT marketplace, suffered an email leak that affected all users who are subscribed to its newsletter or who have ever shared their email address with the platform.
The company specified that the leak occurred through its email provider, Customer.io. This incident is a clear example of an insider threat: an OpenSea employee downloaded the email addresses of the platform's users and shared them with a third party.
OpenSea warned its users about the leak, although the leak does not imply that private wallet keys were stolen. None of the clients' financial data was compromised. This is not the first time something like this has happened. In the past, OpenSea customers have been targeted by phishing attacks in which fraudulent links were sent to their email addresses.
It should be noted that OpenSea does not require registration via email to create an account (although it does offer that option). Registration can be done through Ethereum wallets such as MetaMask.
Given that its users have already suffered this type of attack, OpenSea recommends following good security practices. The main one is not to interact with emails that do not come from OpenSea.io. It also advises not to sign transactions that are executed after opening a link received by email, among other recommendations. For now, the company has notified the police and is working with Customer.io to clarify the facts.