OpenSea has been hacked and users email ids leaked

OpenSea, the largest NFT market, suffered an email leak, which affected all users who are subscribed to its newsletter, or who have ever shared their address with the platform.

The company specified that the leak occurred through its email provider Customer.io. This incident is a clear example of insider threat. An  OpenSea employee downloaded and shared the emails of those who use the platform with a third party.

OpenSea warned its users about the leak, although it does not imply that private wallet keys were stolen. None of the client’s financial data  was compromised. This is not the first time something like this has happened. In the past phishing attacks have happened with open sea customers where fraudulent links to their clients’ emails.

It should be noted that OpenSea does not require registration via email to create an account (although it does offer that option). Registration can be done through Ethereum wallets  such as MetaMask.

OpenSea recommends, taking into account that its users have already suffered this type of attack, to have good security practices. The main one is not to interact with email addresses that do not come from OpenSea.io. It also advises not to sign transactions that are executed after opening a link via email, among other recommendations. For now, the company warned the police, and is working with Customer.io to clarify the facts.