OpenSea, the largest NFT marketplace by daily volumes, on Thursday flagged a data breach through its email vendor Customer.io.
The marketplace said that an employee of Customer.io misused their access to download and share customer email addresses with an external party.
Any customer that has shared their email with the marketplace- be it for the platform or its newsletter- is likely impacted by the breach. OpenSea warned customers against potential phishing attempts following the breach.
The NFT marketplace said in a blog post that it is now in contact with law enforcement officials over the breach, and that an investigation is underway.
OpenSea hit with string of hacks this year
The latest data breach is far from the first major attack on OpenSea and its customers this year. In May, the popular NFT marketplace’s Discord server was compromised and flooded with phishing attacks. Several user wallets were drained in the attack.
Trending Stories
In January, the exchange saw one of its worst attacks yet, where an exploit allowed hackers to sell NFTs without the owners permission. While the marketplace repaid about $1.8 million to its customers, the overall impact of the attack was unclear.
The recent data breach for OpenSea comes despite the marketplace recently tightening its security measures to prevent scams.
Crypto-linked scams on the rise
The OpenSea breach comes less than a week after another high-profile crypto hack, which saw about $100 million stolen from the DeFi protocol Harmony. This attack was likely perpetrated by the notorious North Korean hacking group Lazarus.
The group is behind several other crypto-related attacks, most notably the Axie Infinity hack in April, which pilfered over $600 million worth of tokens. The attack is to date one of the largest crypto-linked hacks ever.
A recent report from blockchain analytics firm Elliptic suggests that the group has stolen over $2 billion in total.