Alert: OpenSea API Keys Leaked

article image

Vladislav Sopov

Following leak announcement by Nansen, top NFT marketplace OpenSea announced that its partner exposed some keys to malefactors

OpenSea, a top-tier marketplace for non-fungible tokens (NFTs) became the second victim of an API leak by unknown “third-party vendor.” It sent a series of messages to API users to prevent their accounts from being abused by hackers.

OpenSea clients have to claim new API keys as third-party vendor attacked

Today, Sept. 23, 2023, a number of X users shared messages they allegedly received from OpenSea, a multi-blockchain NFT marketplace. As per the message, one of third-party partners of OpenSea experienced a “security incident” that might have resulted in a leak of application programming interface (API) keys.

Due to this attack, information about OpenSea clients is likely leaked to attackers. Also, the malefactors can abuse the API keys to leverage requests OpenSea users paid for.

That’s why the marketplace urges all of its customers to stop using their effective API keys. Newly generated keys will have the same rights and rate limits as the leaked ones, the message says.

API endpoints are used by decentralized applications and other third-party services for streamlined, standardized interaction with a remote platform or server. As such, the alleged OpenSea API leak might threaten its B2B partners.

At the same time, OpenSea calls the campaign an “API keys rotation” and does not expect the incident to necessarily affect the partners of the platform.

OpenSea remains silent about alleged leak

By printing time, neither the main OpenSea account on X nor its API-centric page have addressed community concerns regarding the API keys issue.

It should also be noted that a couple of days ago, Nansen, a leading analytical platform in crypto, shared the same message about API keys being exposed by a third-party vendor.

Nansen CEO Alex Svanevik also avoided sharing the name of the provider, but admitted that it is an established company from the Fortune 500 list.

A total of 6.8% of Nansen users had their accounts affected, Svanevik added.

Source: https://u.today/alert-opensea-api-keys-leaked