One of the leading platforms in the NFT world, OpenSea, published an official warning to its users to change their API keys due to a security breach. OpenSea stated that a third-party security breach left them vulnerable to attackers.
In an email sent to customers, the company wrote, “One of our vendors experienced a security incident that could lead to the exposure of information related to your OpenSea API key.”
Second Largest NFT Marketplace Under Attack
As of May 2023, OpenSea ranks as the second-largest NFT platform in terms of trading volume, with a 36.5% share, while Blur, which was launched about a year ago, leads the chart with 56.8%.
Upon detecting this security breach, OpenSea instructed users to “deactivate” their current keys and replace them with new ones. Additionally, it indicated that the validity of these keys will expire as of Monday, October 2nd.
While it is not immediately expected that this situation will impact users’ integrations with OpenSea, information was provided that third-party access could affect some usage limits and allocated ratios. OpenSea clarified that the new API keys would have the same permissions and limitations as the expired ones.
Nansen Also Experienced a Similar Security Breach
Just prior to this event, the blockchain analysis platform Nansen announced that one of its third-party suppliers had suffered a security breach. In this violation, some users’ blockchain addresses, passwords, and email addresses were put at risk. Nansen stated that this incident affected 6.8% of its users and mentioned that this supplier is used by many Fortune 500 companies.
