Opensea warns API users of third-party security breach
Nonfungible token (NFT) marketplace OpenSea has warned users that one of its third-party vendors has experienced a security incident, potentially exposing users’ OpenSea API keys.
The NFT platform said that they don’t expect the security incident to have an immediate effect on users looking to integrate onto the platform, a recent email shows.
Choose your third party well…
Opensea posted that a vendor was attacked, resulting in the leak of developers’ API keys!
Get advice from a professional security consultant about the safety of the third party before choosing. E.g. @SlowMist_Team pic.twitter.com/jcBJ9IaAEN
— 23pds (@IM_23pds) September 23, 2023
“However, your key could be used by external parties which will use its allocated rate limit,” OpenSea explained.
An application programming interface (API) key is code used to identify an application or user and is used for authentication in computer applications. According to OpenSea, its API helps developers build experiences using NFTs and its marketplace data.
The NFT firm called on its users to deprecate their existing key immediately and replace it with a newly generated key which will have the same permissions and rate limits as the existing keys.
Existing keys will expire on Oct. 2, OpenSea confirmed.
OpenSea didn’t disclose how many users were impacted by the security breach and what other information may have been collected.
On Sept. 20, blockchain analytics firm Nansen disclosed a similar breach, which resulted in users losing emails, passwords and blockchain addresses.
Important update from us at Nansen. Please take a moment to read this. pic.twitter.com/syKE0sNnC6
— Nansen (@nansen_ai) September 22, 2023
Nansen said only 6.8% of its users were impacted across the first 48 hours of the security breach.
The two security breaches prompted some members of the community to ponder whether the incidents are linked.
Arrington Capital founder steps down from Celsius NewCo
Arrington Capital founder Michael Arrington has confirmed he will no longer sit on the board of directors of NewCo, the entity which will eventually owned by Celsius creditors and managed by Fahrenheit.
In a X post on Sept. 24, Arrington said that he requested the change, but didn’t go into the reasons why.
As per a Sept. 23 filing, Arrington’s position on the NewCo board will instead be filled by Ravi Kaza, an investor and advisor to Arrington Capital.
A court filing was made today in the Celsius bankruptcy, which presents an amended plan supplement to show a change in the board of directors for the new company being created.
I will no longer be on the board of directors of the new company. Instead, Ravi Kaza, my partner at… pic.twitter.com/RBaGlbxW5w
— Michael Arrington ☠️ ️ (@arrington) September 24, 2023
U.S. Bitcoin Corp, Arrington Capital, Proof Group, Steven Kokinos and Ravi Kaza will provide the capital, management team, and technology required to help get the new company off the ground, which will be carried out in accordance with Celsius’ Chapter 11 bankruptcy plan.
Arrington — who also founded TechCrunch — didn’t disclose exactly why he decided to depart, but admitted a few disagreements ultimately pushed him to remove himself from the board of directors.
“I disagree with some of the decisions made around board constitution and, in particular, the board observers. Because of this, I chose to remove myself from the board of directors.”
The Arrington Capital founder said he’s still looking to support Celsius creditors and shareholders from its bankruptcy proceeding in other ways.
“Apart from not joining the board of directors, our investment and active advisory role via Fahrenheit will go on as planned.”
Venezuelan authorities stumble on Bitcoin miners in prison raid
A recent police bust into a Venezuelan prison resulted in the seizure of several rocket launchers, bullets, grenades and interestingly, Bitcoin mining machines, according to reports.
News of the raid into Venezuelan’s Tocoro prison was confirmed by Venezuelan military officer Domingo Hernández Lárez in a Sept. 20 statement — but further details were supplied by the Agence France-Presse on Sept. 21.
Comunicado: Se informa a la colectividad que está en curso la operación de liberación “Cacique Guaicaipuro”.#FANB#LiberaciónDeTocorón pic.twitter.com/RqQO2nbcVk
— GJ. Domingo Hernández Lárez (@dhernandezlarez) September 20, 2023
The AFP reported that 11,000 police workers and soldiers stormed the prison operated by Venezuela’s Tren de Aragua gang, when they discovered the Bitcoin miners, among other things:
“Authorities revealed that they seized bitcoin machines, sniper rifles, explosives, rocket launchers and grenades at the scene.”
Several videos emerged on X (formerly Twitter) which show a building full of Bitcoin mining machines.
There were bitcoin miners in one of the most dangerous places in Venezuela
Recently, we saw an intervention in Tocorón, one of the most known jails in the country, in which the criminals were in control.
Besides all the weird things that they had, they even had some bitcoin… pic.twitter.com/xEfZfj9NJN
— Javier ₿astardo ☠️ (@criptobastardo) September 22, 2023
Related: Venezuela shuts down crypto mining facilities, exchanges amid corruption probe
Earlier in the month, Chilean police found 19 Bitcoin mining machines when it raided a house believed to be involved in drug trafficking, according to local media outlet El Mostrador.
Digital asset platform Mixin Network suffers $200M exploit
Cryptocurrency platform Mixin Network says its cloud service provider was attacked on Sept. 23, resulting in an estimated loss of $200 million in assets on the mainnet.
The firm explained in a Sept. 25 statement that deposit and withdrawal services on the platform Mixin have been temporarily suspended as a result.
[Announcement] In the early morning of September 23, 2023 Hong Kong time, the database of Mixin Network’s cloud service provider was attacked by hackers, resulting in the loss of some assets on the mainnet. We have contacted Google and blockchain security company @SlowMist_Team…
— Mixin Kernel (@MixinKernel) September 25, 2023
“After discussion and consensus among all nodes, these services will be reopened once the vulnerabilities are confirmed and fixed. During this period, transfers are not affected,” the platform added.
Mixin Network said they’ll announce their recovery plan soon and that Mixin Network’s founder Feng Xiaodong will explain this incident in a public Mandarin livestream on Sept. 25 at 5:00 am UTC.
Blockchain security firm SlowMist explained on Sept. 25 that they’re assisting the investigation, while Mixin Network said they reached out to Google to assist with the investigation too.
SlowMist Security Alert
On September 23, the Mixin Network cloud service provider database was attacked, the amount of funds involved was ~ $200M.
SlowMist is assisting in the investigation. Please wait for @MixinKernel updates for more information.
— SlowMist (@SlowMist_Team) September 25, 2023
Mixin Network operates as a peer-to-peer transactional network for digital assets. It was established in 2017 and has secured more than $1 billion in value on its platform, according to the firm’s website.
United States-based law firm Fenwick & West — a firm that previously provided services to the now-defunct cryptocurrency exchange FTX — has refuted a class-action lawsuit brought against it, claiming in a Sept. 21 filing that it didn’t assist in the exchange’s alleged fraudulent activities.
Coinbase has secured an Anti-Money Laundering (AML) compliance registration from Spain’s central bank as part of its ongoing expansion across Europe. Spanish users will be able to retain custody of their crypto assets on Coinbase and continue buying and selling crypto in Euro.
Magazine: Best and worst countries for crypto taxes — plus crypto tax tips