A number of customers has reported phishing emails pertaining to non-fungible token (NFT) offerings. The emails seem to be official correspondence from Opensea, a well-known NFT marketplace. The business has already stated that hacks on their suppliers may have leaked developer API keys and user emails.
Recently, an unidentified third-party vendor triggered an API leak that affected Opensea. As a result, the business advised users of its APIs to safeguard their accounts from potential hacker abuse through messages they received. Because the security of the previous keys was compromised by an attack by a third-party vendor, Opensea clients must now obtain new API keys as a precaution.
A number of users on the X platform posted messages they said they got from Opensea on September 23, 2023. These notifications indicate that there was a security problem at one of Opensea’s third-party partners, which might have resulted in the unapproved exposure of application programming interface (API) keys. Consequently, it’s possible that malevolent actors were able to obtain confidential information regarding Opensea clients. Opensea strongly urges all clients to stop using their current API keys and get new ones with the same permissions and rate restrictions in order to reduce the risk. Decentralized apps and other third-party services depend on API endpoints to enable standardized and effective communication with distant platforms or servers.