NFT giant OpenSea reports major data breaches by email – TechCrunch
OpenSea, the popular NFT marketplace that reached a colossal value of 13 billion dollars in January, warns users about e-mail phishing after a data breach.
An employee of Customer.io, an email provider contract with OpenSea, abused employees’ access to download and share email addresses of OpenSea users and newsletter subscribers with an unauthorized external party, the world’s largest NFT marketplace said Wednesday night.
The extent of the security breach seems massive. “If you’ve shared your email with OpenSea in the past, you should assume you were affected,” the company said, adding that it is working with Customer.io in an ongoing investigation and has reported the incident to police.
More than 1.8 million users have made at least one purchase through the Ethereum network on OpenSea, according to data collected by Dune Analytics, an open source cryptanalysis platform.
“We believe this was a result of the actions of an employee who had role-specific access privileges that were abused,” a Customer.io spokesman told TechCrunch. “We do not believe that any other clients’ data has been compromised, but we continue to investigate. The employee in question has had all access removed and has been suspended pending the conclusion of our investigation.”
Crypto-startups have emerged as a target for cyberattacks as the industry sees explosive growth and money flowing in. Blockchain-based, decentralized networks promise better security, but average users today rely on centralized services like OpenSea for their convenience.
An example of this, in March, led to a data breach at HubSpot, a customer relations software company, to data breaches at BlockFi, Circle and others. Fractal, an NFT platform started by Twitch co-founder Justin Kan, had a rocky debut in December after a scammer hacked the announcement robot for $ 150,000.
One of the biggest cryptocurrencies to date has been the $ 625 million theft from Ronin, a blockchain network connected to the play-to-earn game Axie Infinity.
Self-proclaimed Web3 platforms that rely on centralized cloud services are growing at a furious pace, and are subject to similar if not greater security risks as established Web 2.0 services compared to those built on distributed ledger technologies such as blockchain, which are believed to be better to prevent cyber attacks.
Updated with comment from Customer.io.