OpenSea, a premium marketplace for non-fungible tokens (NFTs), has become the second victim of an API leak by an unknown "third-party vendor." It sent a series of messages to API users to prevent their accounts from being abused by hackers.
OpenSea customers should request new API keys,
23 September 2023, the NFT marketplace was attacked. A number of X users shared messages they had allegedly received from OpenSea.
As a result of this attack, it is likely that information about OpenSea customers was leaked to attackers. Moreover, the perpetrators may misuse API keys to make requests that OpenSea users have paid for. Therefore, the marketplace urges all its customers to stop using their effective API keys. It states the following:
Application programming interface (or APIs) are used by applications and other third-party services for standardised interaction with an external platform or server. As such, the alleged OpenSea API leak could threaten the marketplace's B2B partners. At the same time, they calls the campaign an "API key rotation" and does not necessarily expect the incident to affect the platform's partners.
OpenSea remains silent on the alleged leak
At the time of writing, neither the main OpenSea account on X (formerly Twitter) nor OpenSea's API-focused page have addressed community concerns regarding the API keys issue.
It should also be noted that Nansen, a leading analytics platform in the crypto industry, shared the same message about API keys being exposed by a third-party vendor.
CEO Alex Svanevik of Nansen also did not share the name of the supplier, but admitted that it is an established Fortune 500-listed company. He added that a total of 6.8% of Nansen users were affected.