According to OpenSea, one of its third-party vendors has been exposed to a security breach.
The Non-fungible token (NFT) marketplace sent a notification to users where it stated that the vendor in question “experienced a security incident that may have exposed information” related to users’ API keys. The exact number of users impacted by the breach is yet to be ascertained.
In the meantime, no news has been reported about what other data may have been exposed in the security breach and OpenSea is not giving out so much information about the situation.
OpenSea Users to Generate New Keys
At the same time, OpenSea mentioned that the breach is not expected to affect any program that leverages the marketplaces API key. However, there is concern that if external parties use one of the exposed keys, it could alter rate and usage limits.
Therefore, users are advised to deprecate usage of their existing keys and replace it with newly generated keys. Notably, the existing API keys will be redundant by October 2nd and the newly generated keys will have the same permission and rate limit as the current keys.
Nansen Suffers Similar Third-party Security Breach
Popular crypto analytic firm Nansen has suffered a similar fate as OpenSea. Nansen also reported that one of its third-party vendors was compromised, leading to the exposure of some of its users’ data. Only about 6.8% of Nansen users were affected by the breach. Email addresses, passwords hashes as well as blockchain addresses were all leaked in the process.
It is not yet clear if there is a link between OpenSea’s breach and that if Nansen, especially considering their proximity.
Growing Trend of Security Attacks
Security breaches are becoming more rampant in the cryptocurrency industry and many crypto-related firms have been attached in the last eight months of this year. About two weeks ago, Hong Kong-headquartered cryptocurrency exchange CoinEx was attacked and over $27 million in digital assets including Ethereum (ETH), Tron (TRX), and Polygon (MATIC) were siphoned from the platform’s wallets.
Bitcoin ATM manufacturer and software provider, General Bytes was forced to compensate its Cloud-based clients who were affected by a security breach in form of a zero-day attack. Generally, crypto enthusiasts and netizens are advised to remain cautious and report any unusual activities.