A third-party breach on a reputable service provider has leaked OpenSea API keys, exposing NFT holders’ accounts to exploitation by unauthorized external parties.
NFT marketplace OpenSea acknowledged a data breach after an employee of a third-party email delivery vendor downloaded email addresses and shared them with an unauthorized party.
The attack on the OpenSea NFT marketplace does not appear to be a code issue or vulnerability, the phishing attacks apparently involved unknown threat actors approaching individual users and tricking them into signing a malicious payload.