OpenSea Exposes User Data

A third-party provider of OpenSea has experienced a security breach that exposed users' API keys.

OpenSea Exposes User Data
Image: CryptoSlate

The leading NFT marketplace, OpenSea, has issued a warning and is urging users to change their API keys immediately following a security breach from a third party.

The company noted that the breach would affect any programs using OpenSea's API keys. The exposure of these keys could lead to attacks on users and impact the processing speed of applications utilizing OpenSea’s API keys. As a result, the platform plans to invalidate the current keys before October 2nd, according to an email announcement.

JUST-IN: Third-party data breach @ OpenSea

I assume the same third-party as Nansen — only API keys affected here though
pic.twitter.com/2oxgSZB8id — Matrix (@MatriXBT) September 22, 2023

As of now, OpenSea has not disclosed how many users were affected by the incident or provided additional information beyond the exposed API keys.

At the same time, the well-known crypto analytics company Nansen also suffered a breach, exposing email addresses, passwords, and wallet addresses of 6.8% of its users.

As of May 2023, OpenSea ranked second in the NFT market with 36.5% of trading volume. The platform, which once held a dominant position, has since been overtaken by Blur, a competitor that has rapidly risen to capture 56.8% of the market share.

This is not the first time OpenSea has faced security challenges. Last year, the platform experienced a significant email address leak due to an employee error while working with the email partner Customer.io. Such agreements often present vulnerabilities that hackers are keen to exploit.