OpenSea API Users Warned of Third-Party Security Breach – OpenSea, the NFT marketplace, has issued a caution to specific platform users, advising them to change the API keys they utilize. This action comes in response to a security breach from a third-party source, which exposed them to potential attacks. “One of our vendors experienced a security incident that may have exposed information about your OpenSea API key,” the company wrote in an email to customers.
In May 2023, OpenSea held the position of the second-largest NFT marketplace, accounting for 36.5% of trading volume, with Blur taking the lead at 56.8%, having launched nearly a year prior. OpenSea has directed its users to promptly discontinue the use of their existing keys and replace them with new ones, with the current keys set to expire on Monday, October 2.
People Also Read: Polygon Partners With Salesforce for NFT-Based Loyalty Program
While this breach isn’t anticipated to cause an “immediate effect” on users’ integration with the platform, OpenSea cautioned that third-party access might affect users’ allocated rates and usage limits. “The newly generated keys API keys will have the same permissions and rate limits as the expiring keys,” added OpenSea.
The platform refrained from disclosing the number of users impacted or whether other data beyond API keys might be in jeopardy. Not long after a comparable security breach occurred with one of Nansen’s third-party suppliers, which exposed certain users’ blockchain addresses, password hashes, and email addresses, the on-chain analytics platform reported that 6.8% of its user community was impacted.
While not naming names, Nansen said at the time that the vendor is “used by many Fortune 500 companies.” In June of the previous year, OpenSea, like several other cryptocurrency companies, experienced a data leak where customers’ email addresses were inadvertently exposed due to an employee’s error while collaborating with their email delivery partner, Customer.io.
When crypto firms’ customer email addresses are compromised, attackers frequently exploit them to distribute convincing phishing scams to customers. OpenSea faced another security incident in May 2022 when its Discord server was breached, and hackers promoted a fake NFT mint, falsely claiming a partnership with YouTube.