Latest third-party breach leaks OpenSea user APIs

NFT marketplace OpenSea has advised an undisclosed number of users to replace their application programming interface (API) keys after a security breach involving a third-party vendor exposed the authorization details.

As reported by The Block, in an email, the company reassured customers that the breach wouldn’t have an “immediate effect” on platform integrations but warned that it could impact allocated rate and usage limits. 

The firm, which as of this May year accounted for over 36% of trading volume (just behind newcomer Blur, which boasted around 57%) also cautioned that existing keys will expire on October 2. It did, however, reassure users that new keys will “have the same permissions and rate limits as the expiring keys.”

OpenSea hasn’t confirmed whether any other sensitive user data was affected or which of its vendors was attacked.

The OpenSea breach comes just days after a similar issue affected analytics platform Nansen. The company warned its users to change their passwords following a security breach from a third-party vendor that it claims affected nearly 7% of its users.

Read more: OpenSea NFT insider trading case raises potential for more fraud cases

Nansen claims it “managed to stop the unauthorized access shortly after learning about it and launched an immediate investigation.” It also claims wallet funds are unaffected. 

It also asked the unnamed third party to publicly disclose the breach and advised users to double-check any emails claiming to be from the company in case of a possible phishing attack.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on XInstagramBluesky, and Google News, or subscribe to our YouTube channel.