OpenSea Subject to Data Breach & BAYC Error

Into The Metaverse
Jun 30, 2022

OpenSea is the world’s leading NFT marketplace, often serving as a hub for NFT culture to come together: NFT vets, newbies, degens and venture capitalists all utilise the platform to trade and showcase their digital collectables. It has been a difficult week for NFT traders, following a data breach and the accidental delisting of multiple BAYC NFTs.

OpenSea’s data breach was discovered earlier today, when an employee of Customer.io, a third-party platform used by OpenSea to manage emails and mailing list campaigns, was found to be leaking user data. Speaking in a blogpost, OpenSea addressed the breach, saying a Customer.io employee had “misused their employee access to download and share email addresses — provided by OpenSea users and subscribers to our newsletter — with an unauthorized external party.”

When elaborating on the breach, OpenSea have said that every user who has shared their email with the marketplace should assume they have been affected by the issue and warned that in the current environment of uncertainty, there is “a heightened likelihood for email phishing attempts trying to impersonate OpenSea.”

Continuing with their warnings, OpenSea have been making users aware of potential phishing methods: OpenSea have said that scammers will be setting up spoof email domains designed to trick users by closely resembling the official opensea.io. Stay vigilant and look out for emails from OpenSea.org and OpenSea.xyz, instead of the official “OpenSea.io”.
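The lookalike-domain warning above can be turned into a simple mail-filtering check. This is an added example, not code from OpenSea or the original post; it goes beyond the two domains named by flagging any sender domain that carries the brand name outside opensea.io or sits within two edits of it (the threshold and the sample addresses are assumptions constructed for illustration).

```python
from email.utils import parseaddr

OFFICIAL_DOMAIN = "opensea.io"  # the official domain named in the article


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, official: str = OFFICIAL_DOMAIN) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a From: header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unrelated"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Only the exact domain or one of its subdomains counts as official.
    if domain == official or domain.endswith("." + official):
        return "official"
    brand = official.split(".")[0]  # "opensea"
    labels = domain.split(".")
    # Brand name reused under another TLD or parent domain (opensea.org, opensea.xyz).
    if any(brand in label for label in labels):
        return "lookalike"
    # Near-miss spellings of the brand; 2 edits is an assumed threshold and
    # will also catch some innocent names, so treat a hit as "review", not proof.
    if any(edit_distance(label, brand) <= 2 for label in labels):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample headers, not taken from real phishing mail.
    samples = [
        "OpenSea <noreply@opensea.io>",
        "OpenSea Support <help@OpenSea.org>",
        "team@opensea.xyz",
        "x@0pensea.io",
        "alice@example.com",
    ]
    for header in samples:
        print(f"{classify_sender(header):10} {header}")
```

The check looks only at the address in the From: header, which a sender can forge, so it complements SPF, DKIM and DMARC results rather than replacing them.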

Today’s data breach is the latest in a series of privacy and security issues OpenSea have faced this year alone. In May of this year, OpenSea’s Discord server was hacked, resulting in a surge in phishing attacks and data breaches: as a result of the attack, numerous user wallets were exploited and drained and OpenSea ended up reimbursing affected users to the tune of $1.8 million.

OpenSea’s week managed to get even worse after 6,000 Bored Ape Yacht Club NFTs were briefly delisted from the marketplace, or tagged as suspicious. This is a procedure that often happens with stolen Apes, in an attempt to halt anyone profiting from the sale of a stolen asset (Seth Green’s stolen Ape got the suspicious marking before he reclaimed it).

The most interesting part of the BAYC delisting is the possible motivation behind the removal of Bored Ape NFTs (Mutants were not affected): some are theorising it may be due to an upcoming lawsuit from Yuga, aimed at Ryder Ripps and his NFT ape project.

We have reached out to OpenSea for comment, but at the time of writing, no one has responded.
