Mysterious crypto vendor hacked, OpenSea, Nansen warn users

It’s business “as usual” in the crypto world. Somebody got hacked, firms have been affected, and users impacted. OpenSea, the largest marketplace for non-fungible tokens (NFTs), has informed some users that sensitive data was stolen.

The affected users have received letters from crypto companies, such as OpenSea and Nansen, informing them about recent cybersecurity incidents. The common theme was to blame a mysterious, unnamed vendor.

“One of our vendors experienced a security incident that may have exposed information about your OpenSea API key,” the firm's email reads.

Blockchain analytics platform Nansen shared on X that one of its third-party vendors was breached, and attackers got admin rights to an account used to provision customer access to Nansen’s platform.

“We managed to stop the unauthorized access shortly after learning about it and launched an immediate investigation. The vendor is an established company that is used by many Fortune 500 companies, as well as other companies in our industry, to manage customer data. We have asked the vendor to publicly disclose the breach in case others are affected,” Alex Svanevik, CEO at Nansen, writes.

Based on preliminary investigations, 6.8% of Nansen users were impacted. All of them had their email addresses leaked, a smaller portion also had password hashes exposed, and the “last, smallest group” also had their blockchain address exposed. Wallet funds were not affected, according to the company.

While OpenSea did not expect the leaked API keys to have any immediate effect, the company warned that external parties may use the keys. Therefore, the company allocated rate limits and asked users to stop using their existing keys immediately and replace them with newly generated keys. The old keys will expire by October 2nd.

Meanwhile, Nansen asked users to reset their passwords and warned them to be wary of phishing attempts.

Neither company disclosed any additional information about the attackers. It is therefore currently unclear whether the affected vendor was the same in both cases, or which adversaries are responsible.

Breaches and leaks from crypto firms are an ongoing problem. For example, cybercrooks managed to steal $1.7 million in tokens from OpenSea in February last year. Vulnerabilities have also allowed hackers to empty users’ crypto wallets, and in June 2022, OpenSea suffered a massive email data breach. North Korean hackers were caught minting fake NFTs to sell them on popular platforms later.
