Users of the popular nonfungible token (NFT) marketplace OpenSea have reported falling victim to a recent email phishing attack, where malicious actors impersonate the platform to deceive users.
Reports circulating on social media highlight various phishing campaigns targeting OpenSea users, including a fake developer account risk alert and fraudulent NFT offers.
One OpenSea developer shared their experience on X (formerly Twitter) on November 13, revealing that they received a phishing attempt via an email dedicated solely to their OpenSea Application Programming Interface (API) key.
This incident suggests that attackers may have gained access to developer contacts from OpenSea, making them the primary target of this campaign.
Despite this, OpenSea has maintained that its platform has not been compromised and urged users to exercise caution when clicking on suspicious links.
On November 14, another OpenSea user expressed confusion about the ongoing phishing campaign on Reddit.
They reported receiving emails related to NFT offers, even though they hadn’t used OpenSea for years. These emails contained links attempting to install a malicious app.
READ MORE: XRP Price Surges 12% on Fake BlackRock Filing, Markets Quickly Correct
The user noted a sudden increase in phishing emails, raising concerns about OpenSea’s security.
This phishing incident comes shortly after one of OpenSea’s third-party vendors experienced a security breach in late September 2023, which led to the exposure of user API keys and email addresses.
OpenSea promptly notified affected users about the breach.
Notably, OpenSea had previously faced phishing attacks in February 2022, warning users to avoid clicking on links in emails originating from outside the official OpenSea website.
The company also investigated rumors of exploits tied to OpenSea-related smart contracts.
OpenSea has not yet responded to requests for comment from Cointelegraph.
This recent phishing campaign adds to the challenges faced by OpenSea, as the platform recently announced a significant reduction in staff, with plans to launch OpenSea 2.0 with a smaller team.
In light of these events, it is crucial for the cryptocurrency community to remain vigilant when receiving emails from service providers.
To protect themselves from phishing attacks, users should verify the authenticity of the sender and exercise caution when clicking on links.
Additionally, it’s important to remember that legitimate crypto firms never request personal data such as wallet addresses or private keys via email.
Discover the Crypto Intelligence Blockchain Council
