OpenSea, the largest non-fungible token (NFT) marketplace by trading volume, has suffered a data breach after an employee of Customer.io, the platform’s email delivery partner, leaked user data.
In a blog post on Thursday, the marketplace said that an employee of Customer.io “abused employees’ access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party.”
According to OpenSea, all customers who have shared their email with the platform in the past should assume that they have been affected by the breach. The company added that this could result in “an increased likelihood of email phishing attempts attempting to mimic OpenSea.”
OpenSea said that malicious actors can try to contact customers via emails originating from domains similar to OpenSea.io, such as OpenSea.org and OpenSea.xyz.
Some customers took to Twitter to share screenshots which shows that OpenSea contacted them by email to inform them of the breach.
The company added that it assists Customer.io in the ongoing investigation, and has reported the incident to the police.
Multiple cryptodata leaks
Although crypto-focused companies typically pay increased attention to security aspects of their operations, this is not the first time the site has been hit by a major data leak.
In March, a data breach at HubSpot, a popular customer relations software company, resulted in hackers stealing customer data from Circle, BlockFi, Pantera Capital, NYDIG and other prominent crypto companies.
“The information that may have become available includes first and last names, e-mail addresses, postal addresses, telephone numbers and regulatory classifications,” Pantera said at the time.
Last month, OpenSea also saw its Discord server compromised and flooded with phishing ads promoting a scam NFT coin offered in collaboration with YouTube.
In January, the NFT platform fell victim to one of the most devastating attacks to date, with hackers using an exploit to buy more NFTs well below market value. OpenSea later reimbursed around $ 1.8 million to users who accidentally sold their NFTs, while launching an “inactive listings” feature.
Do you want to become a crypto expert? Get the best from Decrypt right to your inbox.
Get the biggest crypto news + weekly summaries and more!