As crypto-linked scams are on the rise, OpenSea has been hit with a series of hacks this year.
OpenSea, the largest NFT marketplace by daily traffic, reported a data compromise on Thursday via its email vendor Customer.io.
According to the marketplace, a Customer.io employee abused their access by downloading and sharing customer email addresses with a third party.
The compromise is expected to affect any client who has shared their email address with the marketplace, whether for the platform or its newsletter. Following the hack, OpenSea issued a warning to customers about potential phishing attempts.
In a blog post, the NFT marketplace stated that it is in communication with law enforcement officials about the incident and that an investigation is underway.
The recent data breach is far from OpenSea’s and its customers’ first serious attack this year. The popular NFT marketplace’s Discord server was hijacked in May and inundated with phishing attacks. The hack emptied several user wallets.
One of the exchange’s worst attacks yet occurred in January, when an exploit allowed hackers to sell NFTs without the owners’ permission. While the marketplace refunded its clients approximately $1.8 million, the entire impact of the incident was unknown.
The recent OpenSea data leak occurred despite the marketplace recently improving its security safeguards to prevent scams.
The OpenSea compromise comes less than a week after another high-profile cryptocurrency heist in which around $100 million was stolen from the DeFi network, Harmony. This attack was most likely carried out by the well-known North Korean hacking organization Lazarus.
The organization is also responsible for multiple previous crypto-related hacks, most notably the Axie Infinity hack in April, which stole over $600 million in tokens. To date, the attack is one of the largest crypto-linked hacks ever.
According to a recent report from blockchain analytics startup Elliptic, the organization has stolen over $2 billion in total.