OpenSea tells users to rotate API keys after third-party security breach

Quick Take

  • One of OpenSea’s third-party vendors experienced a security incident that exposed information related to user API keys.
  • Nansen disclosed a data breach affecting one of its third-party vendors yesterday, but it’s currently unclear whether the incidents are related.

NFT marketplace OpenSea disclosed that one of its third-party vendors “experienced a security incident that may have exposed information” regarding users’ API keys in an email to some users. 

The company noted that the security incident was not expected to affect any programs that utilize an OpenSea API key, but that if external parties use one of the exposed keys, it could affect rate and usage limits. OpenSea plans on sunsetting existing keys by Oct. 2, according to the email

OpenSea did not disclose how many users were affected by the breach or what information besides API keys may have been exposed. OpenSea did not immediately return a request for comment from The Block. 


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

The disclosure comes shortly after a similar notice from crypto analytics firm Nansen, which disclosed yesterday that one of its third-party vendors was compromised, leading to the loss of emails, password hashes and some blockchain addresses.The breach impacted 6.8% of Nansen’s users, who had their emails exposed, according to a post on X.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Zack Abrams is a writer and editor based in Brooklyn, New York. Before coming to The Block, he was the Head Writer at Coinage, a Web3 media outlet covering the biggest stories in Web3. The story he co-reported on Do Kwon won a 2022 Best in Business Journalism award from SABEW. Other projects included a deep dive into SBF's defense based on exclusive documents and unveiling the identity of the hacker behind one of 2023's biggest crypto hacks — so far. He can be reached via X @zackdabrams or email, [email protected].


To contact the editor of this story:
Tim Copeland at
[email protected]