Stolen Data of OpenSea Users


Unfortunately, it is not surprising that data incidents are abundant on NFT platforms. Cybercriminals are after your beloved NFTs and try to steal them through numerous deceptive tricks, ranging from finding backdoors in firewalls to promises of free NFTs.

It was last Thursday when I woke up to an email from OpenSea explaining that many email addresses were stolen by an employee from their business partner:

You are receiving this email because an employee of our email vendor, Customer.io, misused their access to Customer.io’s systems to download and share email addresses with an unauthorized third party. Impacted email addresses include those provided by OpenSea users and subscribers to our newsletter.

At this time, we believe that your email address may have been part of the customer.io data incident.

Although the damage was already done by then, the email at least reminded users once more of the fundamental practices for avoiding email phishing:

Please be extra cautious about email safety during this time. For reference, we’ve laid out some email safety best practices below.

Safety Recommendations:

1. Be cautious of phishing emails from addresses trying to impersonate OpenSea. OpenSea will ONLY send you emails from the domain: ‘opensea.io.’ Please do not engage with any email claiming to be from OpenSea that does not come from this email domain.
2. Never download anything from an OpenSea email. Authentic OpenSea emails do not include attachments or requests to download anything.
3. Check the URL of any page linked in an OpenSea email. We will only include hyperlinks to ‘email.opensea.io’ URLs. Make sure that ‘opensea.io’ is spelled correctly, as it’s common for malicious actors to impersonate URLs by shuffling letters.
4. Never share or confirm your passwords or secret wallet phrases. OpenSea will never prompt you to do this – in any format.
5. Never sign a wallet transaction prompted directly from an email. OpenSea emails will never contain links which directly prompt you to sign a wallet transaction. Never sign a wallet transaction that doesn't list the origin of opensea.io if you were led there by email.
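Recommendations 1 to 3 above can be checked mechanically. The following is an added example, not code from OpenSea or from the original post: it parses a raw message and reports a sender domain other than opensea.io, any attachment, and any link whose host is not email.opensea.io. The function names, the 0.8 similarity threshold and the sample message are assumptions made for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SENDER_DOMAIN = "opensea.io"    # rule 1 in the quoted email
LINK_HOST = "email.opensea.io"  # rule 3 in the quoted email

class HrefCollector(HTMLParser):
    """Collect href values from <a> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_lookalike(host):
    """True for near-miss spellings of opensea.io (threshold is an assumption)."""
    tail = ".".join(host.split(".")[-2:])
    ratio = difflib.SequenceMatcher(None, tail, SENDER_DOMAIN).ratio()
    return tail != SENDER_DOMAIN and ratio >= 0.8

def check_email(raw):
    """Return a list of findings; an empty list means rules 1-3 all passed."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    domain = sender.rpartition("@")[2].lower()
    if domain != SENDER_DOMAIN:
        findings.append(f"sender domain {domain!r} is not {SENDER_DOMAIN}")
    for part in msg.walk():
        if part.get_filename():  # rule 2: authentic emails carry no attachments
            findings.append(f"attachment present: {part.get_filename()}")
        elif part.get_content_type() == "text/html":
            parser = HrefCollector()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href in parser.hrefs:
                host = (urlsplit(href).hostname or "").lower()
                if host != LINK_HOST:
                    note = " (lookalike of opensea.io)" if is_lookalike(host) else ""
                    findings.append(f"link host {host!r} is not {LINK_HOST}{note}")
    return findings

# Constructed sample: sender and link both use a letter-swapped domain.
SAMPLE = ("From: OpenSea <noreply@opensae.io>\nContent-Type: text/html\n\n"
          '<a href="https://email.opensae.io/claim">Claim your NFT</a>')
print(check_email(SAMPLE))
```

The From header can be forged, so a passing sender check only means something when the receiving server's SPF, DKIM and DMARC results for the message also pass.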

Of course, the email ended with some closing words meant to maintain users' trust:

Your trust and safety is a top priority, and we wanted to share the information we have at this time. We’ve reported the incident to law enforcement and are cooperating with their investigation.

Please help us keep the community safe by reporting any suspicious communication that appears to be from OpenSea at support.opensea.io.

Please find below the full text of the email:

[Image: screenshot of the OpenSea email, Screen Shot 2022-07-02 at 14.31.24.png]

I was going to author a post about security issues on the NFT platforms and about wallets; it seems like the sooner, the better. I will be looking forward to a follow-up email from OpenSea if there are updates about the incident.