Users of the largest NFT marketplace warned of phishing after data leak | Non-fungible tokens (NFTs)

The world’s largest marketplace for non-fungible tokens (NFTs) has warned users to be on the lookout for email phishing attacks following a massive data leak.

OpenSea, where traders exchange cryptoassets, asked customers and newsletter subscribers not to open emails and files “sent by strangers” after disclosing the breach.

It said its email database had been sent to an unnamed “unauthorized external party” by an employee of a firm used by OpenSea to send automated emails.

“We recently learned that an employee at Customer.io, our email delivery provider, abused employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party ,” OpenSea said.

It added that the potential impact was widespread. “If you have shared your email with OpenSea in the past, you should assume that you were affected.” OpenSea said the incident had been reported to the police.

New York-based OpenSea said there could be an “increased likelihood” of email phishing attempts targeting people whose data has been leaked. Phishing attacks involve tricking victims via email into downloading malware or handing over login details. According to OpenSea’s website, it has more than 600,000 users.

In a message sent to those affected, OpenSea urged users to be “extra careful” with email security. The firm warned users to avoid emails pretending to be the opensea.io domain and not to download anything from an opensea email, as well as to avoid opening emails or files from strangers.

A kunde.io spokesperson said: “We are working closely with OpenSea and are assessing exactly how these email addresses were compromised. We believe this was the result of the actions of an employee who had role-specific access rights that were misused.”

OpenSea has been subject to other security incidents this year. In February, $1.7m (£1.4m) worth of NFTs were stolen from the platform in an apparent phishing attack, while in May OpenSea’s official Discord server was hacked.

NFTs give ownership of a unique digital object—whether it’s a virtual artwork by Damien Hirst or a jacket to be worn in the metaverse—to someone, even if that object can be easily copied. Ownership is recorded on a digital, decentralized ledger known as a blockchain. NFT spending reached $40 billion last year from just $100 million in 2020, though the rate of growth has slowed markedly amid a sharp crypto downturn.

News of the breach came as EU negotiators rolled out the latest details on a comprehensive package of crypto regulations for the bloc’s 27 nations, known as Markets in Crypto Assets, or MiCA.

The new regulations are expected to have influence outside the EU by setting a trend similar to the standards the bloc has set for privacy. However, NFTs will not be part of the legislation.

Sign up for the daily Business Today email or follow Guardian Business on Twitter at @BusinessDesk

The EU rules are “really the first comprehensive crypto regulation in the world,” said Patrick Hansen, a crypto venture advisor at Presight Capital, a venture capital firm. “I think there will be a lot of jurisdictions that will look closely at how the EU has handled it since the EU is first here,” he added.

Under the Markets in Crypto Assets Regulations, exchanges, brokers and other crypto companies face strict rules to protect consumers. The digital asset market has been hammered in recent weeks, with the cornerstone cryptocurrency, bitcoin, falling back below $20,000 on Thursday – compared to a peak of nearly $69,000 last November.

Companies that issue or trade crypto-assets like stablecoins – which are typically pegged to the dollar or a commodity like gold with the aim of making them less volatile than regular cryptocurrencies – face tough transparency requirements that require them to provide detailed information about risks, costs and charges that consumers face.

In a separate regulatory development on Wednesday, the EU agreed on new rules that subject transfers of cryptocurrency to the same money laundering rules as traditional bank transfers.

When a crypto asset changes hands, information about both the source and the recipient must be stored on both sides of the transfer, according to the new rules. Crypto companies will have to hand over this information to authorities investigating criminal activity such as money laundering or terrorist financing.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *