By
Godfrey Benjamin
March 21st, 2024
OpenSea wrote an email to the users advising them to rotate API keys after one of the vendors experienced a security breach that may have exposed personal data.
Leading multi-chain NFT marketplace, OpenSea, recently announced that its API keys could be compromised leading to a loss of customer airtime. According to an email shared with the users, OpenSea observed a security breach on one of the vendors, in which the incident might have compromised users’ API keys. As a result, the company advised users to cease using their existing keys and replace them with newly generated keys. Moreover, the company does not expect the security breach on the vendor’s end to have any immediate effect on the ability of users to integrate with the platform.
Currently, the biggest threat the security breach would pose to OpenSea users is the use of allocated rate limits by third parties. However, the company highlighted that the newly generated keys will have the same rate limit as the pre-existing ones.
OpenSea Fights Black Hat Hackers
As a leading NFT marketplace with notable trading volume despite the prolonged crypto bear market, the OpenSea team has remained vigilant against network attacks. Last year, OpenSea reported a data breach that affected almost all its users’ emails that were shared by one of its employees with an unauthorized external party. The evolution of attackers’ tactics has put web3 users at more risk of losing their assets.
According to Cory Hardman, the head of security at OpenSea, users should avoid downloading content from unknown emails to phishing personal data. Additionally, Hardman advised users to avoid signing a wallet transaction that is printed directly from an email to avoid phishing expeditions.
Moreover, OpenSea emails do not constitute link prompts to sign transactions. Ultimately, it is the responsibility of the user to ensure they use the correct URL and never share their secret words to ensure maximum security.
Bigger Picture
The cryptocurrency market has recorded high network attacks amid the mainstream adoption of digital assets. The fact that web3 projects are facilitating the transfer of value with minimal government intervention is an attraction to black hat hackers. Late last week, crypto analytics firm, Nansen, reported a data breach that affected one of its third-party vendors. Nansen noted that the vendor is an established company that is used by many Fortune 500 entities. Meanwhile, the company notified the users what was affected to ensure the correct response on time.
The North Korea-sponsored hackers have been identified as one of the biggest threats to the web3 industry. Moreover, the North Korean hackers use sophisticated attacking techniques including applying for developer jobs to have inside access to blockchain firms. As a result, the crypto market presents more risks to investors advancing their exploration through different web3 platforms.