OpenSea Warns of Phishing Attacks Due to Data Breach

A third-party vendor’s employee misused their access to OpenSea’s customer data, the head of security said

article-image

Blockworks Exclusive Art by Axel Rangel

share
  • A Customer.io employee shared email addresses with an unauthorized external party
  • OpenSea warned users of fraudsters trying to impersonate the platform by using fake domain names

Collectibles platform OpenSea has alerted customers to a data breach after staff found email addresses were shared with an external party.

Head of Security Cory Hardman said in a blog post on Wednesday that an employee of Customer.io, OpenSea’s email delivery vendor, abused their access by downloading and externally sharing customer data. 

“If you have shared your email with OpenSea in the past, you should assume you were impacted,” he wrote. “We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement.”

The company further warned customers might face phishing attacks — attempts by cybercriminals posing as credible institutions with an aim to obtain sensitive information — by using a domain name similar to the official “opensea.io,” such as “opensea.org” or “opensae.io.”

Screenshots posted to Twitter show OpenSea notified customers about the data breach via email. Some users demanded compensation.

Loading Tweet..

Customer.io told Blockworks that the employee in question has been suspended and had access removed, pending an internal investigation. “We are working closely with OpenSea and are reviewing exactly how these email addresses were compromised,” a spokesperson for the vendor company said.

A similar incident occurred in March, when hackers breached third-party marketing vendor HubSpot to target large crypto stakeholders. NYDIG, Pantera Capital, BlockFi, Circle and Swan Bitcoin were among the affected companies.

OpenSea found itself in a sea of trouble thanks to another incident prior the data breach. The Department of Justice earlier this month charged its former head of product, Nathaniel Chastain, with insider trading in connection to non-fungible tokens (NFTs). He was charged with one count of wire fraud and another count of money laundering.

Chastain resigned from his position at OpenSea in September after he was suspected of profiting from inside information and purchasing NFTs before they were posted publicly.

OpenSea remains the leading marketplace by volume by a wide margin, with over six times the sales of the second-largest NFT marketplace over the past 30 days, according to data from DappRadar.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Unlocked by Template (11).png

Research

Union’s technical design brings measured improvements to crosschain interoperability. By combining a consensus-verified hub with novel constructs like state lenses and ZK proofs for client updates, Union achieves an interoperability protocol that is highly performant, trust-minimized, and scalable.

article-image

Commerce plans transparent, tamper‑resistant data distribution via blockchain for economic metrics

by Blockworks /
article-image

It’s unclear whether the celeb ever knew about the account made using his name

article-image

Sharps Technology raised $400 million in PIPE offering

article-image

Offchain Labs’ Tandem will work exclusively with Succinct on a zkVM

article-image

Fundstrat’s chief investment officer may be the apex bull

article-image

MetaMask now lets users create and restore wallets via social accounts

by Blockworks /