As explained yesterday in a Twitter post published by OpenSea itself, the popular platform for NFT collections has been the victim of a new data theft. This attack specifically starts from users’ emails.
An employee of our email vendor, https://t.co/6vM4WAcJal, misused their employee access to download & share email addresses with an unauthorized external party.
Email addresses provided to OpenSea by users or newsletter subscribers were impacted.https://t.co/Osb6qqkqZZ
— OpenSea (@opensea) June 30, 2022
Actually, this would not have happened directly to OpenSea but to their email manager, Customer.io, whose email addresses were allegedly downloaded by an employee to sell to third parties. The incident was reported to law enforcement, but OpenSea explains that those who used the platform before yesterday, 30 June, were most likely compromised.
In fact, the blog post explains:
“If you have shared your email with OpenSea in the past, you should assume you were impacted”.
The result could lead to phishing emails, so the advice is to check and double-check the emails received, avoid downloading anything from the emails, and be sure they are coming from OpenSea.io, and not from other extensions. In any case, people should not provide passwords or seeds of their wallet.
Under OpenSea’s Twitter post, some users claimed to have lost their NFTs, but it is not known whether this is true or happened as a result of phishing emails due to this latest address theft.
Other bugs in the OpenSea household.
Also of interest is the case of collector Foja, who again yesterday on Twitter tagged OpenSea in a post showing that his Bored Apes’ NFT had been delisted for “not complying with terms of service”.
— Foja ᵍᵐ (@foja_eth) June 29, 2022
The problem in this case was immediately resolved by OpenSea support.
Insider trading is also a crime in NFTs
Already in early June there were other problems involving OpenSea, when an employee, Nathaniel Chastain, was accused of insider trading in digital assets.
The former product manager was arrested by the FBI and charged with wire fraud and money laundering in connection with NFT’s insider trading activity.
Chastain allegedly bought a dozen NFTs belonging to a collection that was about to be placed on the OpenSea homepage. Nathaniel then allegedly exploited confidential information to profit through the subsequent sale at about 5 times the price paid.
As OpenSea’s product manager, his role was precisely to choose the Non-Fungible Tokens to be placed on the website’s homepage.