Reports indicate that OpenSea users have been targeted with fake developer API alerts and NFT offers in a widespread phishing campaign
Some OpenSea users have reportedly complained about receiving phishing emails containing malicious links. The emails are allegedly from attackers posing as the NFT marketplace.
According to reports from a Web3 Anti-Scam platform on X(formerly Twitter), users were warned about the recent email phishing campaign. The campaign includes fake developer account alerts and fake NFT offers.
Opensea tweeted on their official page on X (formerly Twitter) stating that their platform is fine and there’s currently no hack. They also warned users to avoid clicking on links they don’t trust.
An OpenSea developer took to X (formerly Twitter) on Nov. 13 in response to OpenSea statement about the platform not being hacked, the developer reported receiving a phishing email that targeted their API key.
“Correct- there is no smart contract vuln. But unfortunately for @opensea I just received a phishing attempt, to an email that was strictly dedicated to my OpenSea API key. In other words, dev contacts have been exfiltrated from OpenSea and are the real target in this campaign.”
On Nov. 14, another OpenSea user expressed concerns on Reddit over the ongoing phishing campaign. The user said: “Haven’t used OpenSea for years and all of a sudden, I keep getting emails talking about my NFT listings getting offers,” the user also added that the links he received are all fake and they were trying to direct the reader to install a malicious app.
https://www.reddit.com/r/CryptoCurrency/comments/17vbg6n/did_something_happen_to_opensea/?utm_source=share&utm_medium=mweb
This news comes a few weeks after one of OpenSea’s third-party vendors was involved in a data breach that exposed user API keys. OpenSea notified users of the breach in a September email.
This isn’t the first time OpenSea users have received phishing emails. In February 2022, OpenSea confirmed that it was facing a phishing attack and urged users not to click on any links in the emails. The company also investigated reports of an exploit associated with OpenSea-related smart contracts.
OpenSea did not immediately respond to a request for comment. This incident follows OpenSea’s recent announcement that it would lay off 50% of its staff, citing a renewed focus on the launch of OpenSea 2.0 with a smaller team.
This phishing attack serves as a reminder to the crypto community to be cautious of emails from service providers. Users should always verify the sender’s identity and avoid clicking on links in emails.
Read also: How Stride is transforming liquid staking on Cosmos