OpenSea, the largest marketplace, recently reported one of the employees from Customer.io misused their access to download and share emails with an unknown third party. The marketplace warned its users to stay wary of phishing emails by listing down safety tips.
Read the recipient carefully before clicking on any link in the email. OpenSea always sends emails from its official domain, opensea.io.
Never download any file sent by OpenSea to your email. The marketplace never sends attachments to its users.
Never share passwords or keys of private wallets to OpenSea
Always check the hyperlink URL to see if it includes ‘email.opensea.io.’ Read the spelling carefully as scammers tend to mess up with letters to fool people.
Don’t sign any wallet transaction that came directly from the email. OpenSea recommends checking the origin of https://opensea.io if it were written on the email.
OpenSea has been suffering from various malicious attacks since last year. Despite the team’s continuous efforts to ensure the safety of its users, hackers still find a way to sabotage the marketplace’s reputation by exploiting it.
“We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement.”
As of now, OpenSea hasn’t shared a list of emails or no. of emails that were leaked but warned every user who signed up for the official newsletter or other updates to be aware of the situation and avoid falling victim to phishing attacks.