The world’s largest NFT marketplace warns users of an insider hack


OpenSea has warned its users that they could be exposed to a scammer who has hacked the company from the inside.


The world’s largest NFT marketplace announced in a blog post that an employee of the company’s email provider used their employee access to download and share email addresses of OpenSea users with all subscribers to the OpenSea newsletter. OpenSea has stated that an investigation has been launched into the matter and that law enforcement has already been contacted regarding the hack.

Since the hack primarily targeted email addresses, users should be very wary of any email from someone claiming to be an OpenSea employee. The NFT platform explains that the email address used by malicious actors looks very similar to its official email domain. In its security recommendations, the platform emphasizes that it will only ever contact users from the domain “” and that any other variation of the address is not legitimate.


In addition, OpenSea recommends that users never download anything from an OpenSea email, since authentic OpenSea emails never contain downloadable content or attachment files. While it may be obvious to some, never share secret wallet phrases or passwords with anyone, even if they claim to be an OpenSea employee.

“Exposing the email list certainly gives the attacker a solid base of active people to attempt to steal their NFTs from and likely distribute malware. Individuals and companies who receive emails from OpenSea about new and ongoing activities should instead do so manually through the website,” warns Karl Steinkamp, the director of Coalfire.

In particular, users should never sign a wallet transaction via email. OpenSea states that its official emails will never contain links asking users to sign a wallet transaction. Stephen Banda, a senior manager at Lookout, a cybersecurity firm, said the internal hack was likely financially motivated as there is a very lucrative market for user data, particularly cryptocurrency-based user data.

“There is a lucrative market for stolen information and credentials. In this case, 2 million email addresses of customers of the world’s largest marketplace for NFTs become very attractive for attackers who want to launch broad phishing attacks,” Banda said.

In other NFT news, the market appears to have dived sharply off a cliff, with even hugely popular projects like Bored Apes plummeting as much as 30% in just 30 days.

