Opensea – Victim of a data leak from its users

Despite its security and anonymity requirements, the cryptocurrency sector is not immune to private data leaks. This seemingly worthless personal information, but whose price can quickly soar on the dark web. Especially when it comes to e-mail addresses or specific information related to financial areas such as NFTs. Because they then make it possible to launch phishing operations against the users concerned. And to collect the precious tokens by posing as a legitimate platform. A “security incident” just reported by the current leader Opensea today.

The NFT sector excites both investors and digital ambush scammers. Because a recent study recently stated that more than 90% of their holders had already been victims of a scam in the field. An alarming figure, probably to be compared with the strong adoption of this technology outside the crypto area. All this spiced up with the risk of permanently losing those precious digital collectibles with just one unfortunate click on an inappropriate link… and intended for that purpose.

NFT tokens

NFT vs phishing – How to identify and avoid potential scams?

Hugh B. – 07 Jun 2022 – 15:00

Holders of NFTs have become prime targets for scams […]


Indeed, the techniques deployed to steal these NFTs are numerous and often very well established. With the risk of no longer being able to recover them, because reversing is not an option included in blockchain technology. A situation recently encountered by actor Seth Green, who was finally forced to buy back his stolen Bored Ape Yacht Club (BAYC) NFT following a phishing operation. And as much to say that things will not calm down soon for users of the Opensea platform. Because the latter has just reported a “security incident” most unfortunate.

Opensea – Victim of a “security incident”

The security flaw was obviously discovered very recently. Because Opensea platform just revealed it in a blog post published just a few hours ago. But this does not allow to know for how long this haemorrhage of the private data of its users continued. This last at the initiative of an employee of the company in charge of managing “email deliveries. With the consequence, the sharing of this sensitive information “with an unauthorized external party”.

We recently learned that an employee of, our email delivery provider, abused their employee access. This is in order to upload and share addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party. If you’ve shared your email with OpenSea in the past, you should assume you’ve been impacted.


A situation that brings up the specter of unfortunately emblematic cases, such as the security breaches that hit the Ledger company or its partners between 2020 and 2021. This to the point of triggering very real risks, sometimes going so far as to engage the physical security of the users concerned. But this time things seem less serious, since the warning issued by Opensea only concerns phishing risks. Digital hygiene – even more than usual – is therefore essential!


Ledger scandal (continued) – The “physical security” of users is engaged

Hugh B. – 22 Dec 2020 – 11:27

The latest information about the company’s data leak […]


Opensea – An “increased likelihood of phishing”

According to the statements of the Opensea platform, An investigation is underway. This is to determine the exact origins and possible consequences of this affair. But whatever happens, it is the vigilance of its users that can make the difference. Reason why she urges them to operate a secure management of their “messaging practices” remaining alert to “any attempt to impersonate OpenSea via email. » Because the risk is there: thinking of responding to an official message and clicking on a link that redirects to a mirror site, built identically to Opensea… but without being Opensea.

Please note that malicious actors may attempt to contact you using an email address that visually resembles our official email domain, “” (such as “” or another variation).


The Opensea platform therefore gives some basic advice in order to escape this very probable wave of phishing. Like for example the fact that only the email domain name “” is officially used for communication purposes. But also that his e-mails never contain attached files. Not even download links to click on. Moreover, all links must appear with the domain name “” spelled correctly. “Because it is common for malicious actors to impersonate URLs by mixing up the letters. » And finally, we must not NEVER share or confirm a wallet password or passphrase. Or even sign a transaction with MetaMask from an emailed link, because that never happens.


Hacking – A hacker steals customer data from major crypto companies

Hugh B. – 22 Mar 2022 – 15:00

Security is not an empty word in the digital world. […]


Advice that must apply in all situations, even outside of messages received from Opensea. With the basic principle of never clicking on a link contained in an e-mail. And to prefer to go directly to the official site concerned to verify its authenticity. And in this case, remember to report “any suspicious communication that seems to come from OpenSea on But don’t wait for an answer, his customer “service” is a bottomless pit…

Leave a Reply

Your email address will not be published.