OpenSea, one of the world’s most popular marketplaces for non-fungible tokens (NFTs), has been hacked, with sensitive user data stolen.
The company confirmed the news in an email notification sent to affected parties, telling users that one of its vendors had experienced a security incident, “which may have exposed information about your OpenSea API key.”
“We do not expect this to have any immediate effect on your integration with our platform,” the company’s message said. “However, your key may be used by external parties who will use the assigned rate limit.”
Missing details
To address the issue, OpenSea asked users to replace existing keys, which would expire on October 2 anyway.
Other details about the incident have not been released, so we do not know who the threat actors were, or what their motives are. We also don’t know how many people were affected by the breach and whether any other sensitive information was captured in the process.
We’ve asked OpenSea for more details and will provide updates if we hear from the company. We also asked whether the company has taken additional safety measures to prevent similar incidents from happening again.
This isn’t the first time OpenSea has been hacked. In fact, there have been several such incidents. For example, in April 2022, hundreds of NFTs were stolen from OpenSea users’ accounts after a series of successful phishing attacks.
A list compiled by blockchain security firm PeckShield shows that more than 250 NFTs have been stolen, including items from popular collections such as the Bored Ape Yacht Club. Although some have since been recovered, wallet analysis shows that the stolen tokens netted the attacker approximately $1.7 million in resale value.
In July of the same year, the company warned its users to be wary of possible phishing attacks after a data breach exposed email addresses linked to user accounts.