Yet another hack hits NFT marketplace OpenSea

One of the largest nonfungible token marketplaces OpenSea was hacked once again this week.

The hack follows two other attacks, the last back in June 2022, when a third-party contractor was able to download emails of its users and newsletter subscribers and provide a copy to an unauthorized party. An earlier phishing attack in February 2022 stole hundreds of NFTs from 32 users. 

OpenSea acknowledged the current incident in a tweet on X/Twitter sent out over the weekend, saying that application programming interface keys may have been compromised. The company recommended replacing the existing keys, which have been set to expire automatically on Oct. 2, with new ones. The company didn’t provide any other specifics. 

This is a poor design,” said Jason Kent, hacker in residence at Cequence Security. “If the data repository is accessible and the keys are compromised a perfect storm exists where the data can be acquired by a malicious third party. Rotating these keys is extremely important, it should happen early and often.”

Coincidentally with the OpenSea breach was an attack on the crypto analytics vendor Nansen, which also disclosed a breach on its corporate X account. That breach happened last Wednesday, and that company recommended changing all account passwords. Other than the timing, the two breaches have different attack modalities, as far as can be determined from their public statements. There has been no official announcement linking the two breaches.

Crypto-related attacks have blossomed, thanks to compromises on LastPass US LP master vault passwords that happened in late 2022. Security blogger Brian Krebs has been tracking that breach and reported recently that more than the equivalent of $35 million of crypto assets from 150 users were stolen due to this breach. He cites research that indicates its vault passwords were cracked to obtain private keys to their crypto accounts.    

In the early NFT days, OpenSea was the market leader, but its share has slipped to about a third of all NFT trading volume.

Image: OpenSEA

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One-click below supports our mission to provide free, deep and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy