KEY POINTS

  • Breach at OpenSea was due to misuse of access by an employee at email delivery vendor
  • OpenSea says it has reported the data breach to law enforcement
  • The data breach affects all users of the platform who had submitted their email address

OpenSea, the online Non-Fungible Token (NFT) marketplace, reported a data breach impacting the email addresses of its users and warned consumers of potential phishing attempts.

The data breach in question was not OpenSea's fault but that of its email delivery vendor Customer.io. In a blog published Wednesday, the NFT-centric marketplace said that "an employee of Customer.io, our email delivery vendor, misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party."

OpenSea did not tweet about the breach for several hours after publising the blog, doing so finally only Thursday morning, infuriating its customers and underscoring questions about how much crypto platforms care for their customers amid the repeated breaches and hacks.

All users who have used their email on OpenSea are affected by the breach, whether they have used it for the newsletter or for the platform itself. The marketplace also warned customers about possible phishing attacks.

Meet OpenSea
OpenSea is the NFT marketplace with everything for everyone OpenSea Official YouTube Channel

"If you have shared your email with OpenSea in the past, you should assume you were impacted." The incident is currently being investigated but was already "reported to law enforcement."

OpenSea also warned users that "there may be a heightened likelihood for email phishing attempts." It recommended that users "follow the guidelines listed below and treat any future emails that appear to be from OpenSea carefully." It followed with a list of safety recommendations.

Multiple OpenSea users are not happy about the vendor security incident. On Twitter, some users expressed frustration with the latest fiasco in the NFT world.

"OpenSea’s data breach is massive news and I don’t like their nonchalant response. If this were a regulated entity like Web2 companies that process massive amounts of consumer txns & data, there would’ve been severe consequences for everyone involved. We need to demand better," Twitter user @sxtvik said.

Another user gave OpenSea a mouthful, saying "Fckn @opensea is the gift that keeps on giving. Hacked emails. Contract migrations. Suspicious items with no recourse for the buyer. Worst platform for web3. #OpenScam? #OpenSuck? Something else?"

Meanwhile, @kelossus987 said, "This has been going on since the beginning of the year … only now they say something." A Twitter user named Newtus tweeted, "You gotta be kidding me. Data breach at OpenSea. Sigh. Of course, we know nothing and nobody is foolproof."

Twitter handle loujayga blamed OpenSea for its late notification saying, "My bank account was compromised and fraudulent charges made due to the data breach. I would have taken action if alerted when you found out. Instead, I got an email from you an hour after I was hacked. Great work, goobers."