7 Million OpenSea Emails Exposed: Crypto Community on High Alert for Phishing Threats

From Beincrypto By Ann Maria Shibu

SlowMist’s chief information  security  officer (CISO) reported that a 2022 breach involving  NFT marketplace  OpenSea’s user data has now led to the full public exposure of the leaked information.

The breach, which occurred in June 2022, involved 7 million email addresses of  OpenSea  users.

Crypto Users at Risk After 7 Million OpenSea Emails Go Public

In a  tweet  on January 13, blockchain security firm SlowMist’s chief information security officer (CISO) said that the leaked email addresses have now been made public. 

“Remember the attack on the OpenSea mail service provider in 2024 that led to the leakage of emails? The leaked email addresses have now been fully publicized after multiple disseminations. Please be aware of the risks associated with phishing emails and other potential cyberattacks,” the SlowMist exec said.

According to a screenshot shared by the exec, former Binance CEO CZ’s emails were also leaked.

Screenshot Showing CZ’s Details in Leaked Data. Source:  23pds

The initial breach in 2022 was caused by an employee of Customer.io, the email automation service  used by OpenSea . The employee reportedly exploited their access to user data and shared it with an external party, leading to the leak. 

OpenSea  responded  at the time by warning users of the  phishing threat  and advising caution when interacting with unsolicited emails.

Although the breach happened nearly three years ago, the exposed data remained undisclosed until recently. With over 7 million email addresses now fully public, the potential for malicious actors to launch  phishing campaigns  is significantly higher. Depending on the depth of the exposure, the leak could also involve other personal details.

OpenSea has yet to comment  directly on this recent development. OpenSea users, including those with notable holdings, are now at greater risk of being targeted by scammers. 

Moreover,  crypto phishing attacks in 2024 resulted in $500 million in losses , affecting over 330,000 addresses.

It appears that hackers are also trying to  gain control of companies’ X accounts to trick users . Earlier this month, Litecoin reported that unauthorized individuals accessed its official X account and posted fraudulent content,  including fake tokens .

SlowMist  recommends  that vulnerable users change their passwords and enable two-factor authentication on all accounts.