Major Leak of OpenSea Customer Emails

Non-fungible tokens (NFTs) marketplace OpenSea issued a warning after the list of its customers’ emails was leaked to an outside party, the company said in a blog post on Thursday.

According to the announcement, the phishing emails warning was issued once OpenSea learned that an employee of Customer.io — a platform for managing email campaigns and newsletters — leaked the list of its customers’ emails to a third party. The company noted that this breach has affected all of the users who had given their email to the marketplace, whether for the platform or its newsletter.

The world’s largest NFT marketplace said it had already contacted law enforcement officials about the breach, and that an investigation is in progress. OpenSea also reminded its users that the malicious actors are likely to contact them via emails from similar domains, such as OpenSea.org or OpenSea.xyz.

Newsletter management platforms appear to be a weak spot for crypto firms as of late, with data leaks continuing to happen. Back in March, Hubspot — a platform with similar services as Customer.io — was hacked, exposing usernames, phone numbers, and emails of customers from BlockFi, Swan Bitcoin, NYDIG, and Circle.

This is not the first time the NFT marketplace has suffered a data breach this year, with OpenSea falling victim to a hack of its Discord server back in May, with numerous wallets getting exploited in the process. Back in January, an exploit on the platform allowed an attacker to sell a number of NFTs without permission — with the marketplace reimbursing $1.8 million in losses — while in February, 17 wallets had their NFTs stolen following a phishing attack.