Breach, Third-party code, Phishing

OpenSea hit by third-party breach

OpenSea has confirmed being impacted by a third-party security breach, marking the third attack against the major non-fungible token marketplace following a third-party hack and phishing incident in June 2022 and February 2022, respectively, SiliconAngle reports. Attackers behind the most recent intrusion may have compromised application programming interface keys, said OpenSea, which urged users to immediately replace such keys, which are set to expire on Oct. 2. Such an incident is indicative of poor design on the part of OpenSea, according to Cequence Security Hacker in Residence Jason Kent. "If the data repository is accessible and the keys are compromised a perfect storm exists where the data can be acquired by a malicious third party. Rotating these keys is extremely important, it should happen early and often," Kent added. Disclosure of the OpenSea attack comes just days after cryptocurrency analytics firm Nansen announced being hit by a third-party breach. No correlation between both incidents has been discovered so far.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.