OpenSea has confirmed being impacted by a third-party security breach, marking the third attack against the major non-fungible token marketplace following a third-party hack and phishing incident in June 2022 and February 2022, respectively, SiliconAngle reports.
Attackers behind the most recent intrusion may have compromised application programming interface keys, said OpenSea, which urged users to immediately replace such keys, which are set to expire on Oct. 2. Such an incident is indicative of poor design on the part of OpenSea, according to Cequence Security Hacker in Residence Jason Kent.
"If the data repository is accessible and the keys are compromised a perfect storm exists where the data can be acquired by a malicious third party. Rotating these keys is extremely important, it should happen early and often," Kent added.
Disclosure of the OpenSea attack comes just days after cryptocurrency analytics firm Nansen announced being hit by a third-party breach. No correlation between both incidents has been discovered so far.
Major U.S. real estate and mortgage title insurance and settlement services provider Fidelity National Financial had its operations disrupted following the shutdown of certain systems as a result of a cybersecurity incident, according to TechCrunch.