Users of the major nonfungible token (NFT) marketplace OpenSea have said they are being targeted with a new email phishing attack and have received emails containing malicious links from attackers posing as the marketplace.
According to social media reports, OpenSea users and developers have been targeted by various email phishing campaigns, including a fake developer account risk alert and a fake NFT offer.
One OpenSea developer took to X (formerly Twitter) on Nov. 13 to report receiving a phishing attempt at an email strictly dedicated to their OpenSea Application Programming Interface (API) key. “In other words, dev contacts have been exfiltrated from OpenSea and are the real target in this campaign,” the post read.
The social media report came in response to OpenSea’s insistence that the platform has not been hacked and urging users not to click on links they don’t trust.
Correct- there is no smart contract vuln. But unfortunately for @opensea I just received a phishing attempt, to an email that was strictly dedicated to my OpenSea API key. In other words, dev contacts have been exfiltrated from OpenSea and are the real target in this campaign https://t.co/GD4UgwWIrx pic.twitter.com/rtyUJBMlwl
Another OpenSea user took to Reddit to express confusion about the ongoing phishing campaign on Nov. 14.
“Haven’t used OpenSea for years and all of a sudden, I keep getting emails talking about my NFT listings getting offers,” the poster wrote, adding that all the vulnerable links were trying to direct the reader to install a malicious app.
“Right now I’m getting 3-4 scam/phishing emails a day which is crazy since I got zero just a few weeks ago,” the Redditor wrote, adding:
The news comes a few weeks after one of OpenSea’s third-party
Read more on cointelegraph.com