The largest NFT marketplace, OpenSea, has issued a notice warning its users to expect possible scam messages, particularly through emails. OpenSea had to issue the warning notice following a discovery that a staff of Customer.io had leaked OpenSea’s users’ data to a third party.
Customer.io is one of OpenSea’s contractors. The platform is in charge of OpenSea’s email correspondence and campaigns. OpenSea didn’t explain why the Customer.io staff revealed its customers’ user data to an outsider. There have been many crypto firms’ user data breaches through CRM platforms recently.
A few months ago, HubSpot, another CRM platform like Customer.io, was hacked. The hack leaked user data from four crypto firms (Blockfi, Circle, Swan Bitcoin, and NYDIG). Some of the user data that hackers could access include phone numbers, names, and emails.
OpenSea also told its users that they should only click on the OpenSea.io domain and any other link that redirects them to that domain. Hence, they should be careful when receiving emails or messages from similar domains. Some similar domains include OpenSae.io, OpenSea.org, and OpenSea.xyz. However, customers of the NFT platform have shared on Twitter that they have been bombarded with several spam messages – email, text, and calls.
Opensea Provides Guidelines For Its Users’ Protection
OpenSea has shared various ways its users could prevent being scammed following the data breach. It asks its users not to download any email attachments. According to OpenSea, it isn’t in the habit of asking its users to download email attachments.
In addition, users must be sure that any hyperlink in any message they receive is directed toward the current OpenSea website. OpenSea repeats that its domain name is OpenSea.io and any similar ones are phishing links.
Furthermore, OpenSea clarifies that it won’t use emails to ask its users to reveal or confirm their data (whether passwords or secret wallet phrases). Also, OpenSea won’t use email to ask users to confirm a wallet transaction.
Customers must ensure any actions it performs are done on the right OpenSea domain. OpenSea states that its users; safety and trust are highly important. The NFT platform further adds that it has reported the matter to the appropriate channels. Thus, they will soon launch inquiries into the matter.
Customer.io and OpenSea will cooperate with the authorities to get to the root of the matter. OpenSea also requests that its users report malicious content to its customer support department.
OpenSea Isn’t New To Phishing Attacks
The leading NFT platform has been the subject of several phishing attacks in the last few months. In May, a third party gained access to OpenSea’s discord server and created a phishing link for a non-existing youtube genesis NFT.
Earlier in the year, another OpenSea hacker tricked users into signing off on a phishing link to confirm an NFT transaction. The hacker stole $3m in NFTs through that phishing link.