According to Coincu, numerous users have reported receiving phishing emails related to non-fungible token (NFT) offers, disguised as official communications from Opensea, a leading NFT marketplace. The company has previously acknowledged the possibility of user emails and developer API keys being leaked due to attacks on its suppliers.
Opensea recently fell victim to an API leak caused by an unknown third-party vendor. In response, the company sent out messages to API users, urging them to protect their accounts from potential hacker abuse. As a precautionary measure, Opensea clients are required to obtain new API keys, as the attack on the third-party vendor compromised the security of the existing keys.
On September 23, 2023, several users on the X platform shared messages they claimed to have received from Opensea. According to these messages, one of Opensea's third-party partners experienced a security incident that potentially led to the unauthorized disclosure of application programming interface (API) keys. As a result, sensitive information about Opensea clients may have been leaked to malicious actors. To mitigate the risk, Opensea strongly advises all customers to cease using their current API keys and obtain new ones with the same permissions and rate limits. API endpoints are crucial for decentralized applications and other third-party services, facilitating efficient and standardized interactions with remote platforms or servers. As of now, neither the primary Opensea account on X nor its API-centric page has addressed the community's concerns regarding the API keys issue.