SlowMist’s chief information security officer (CISO) reported that a 2022 breach involving NFT marketplace OpenSea’s user data has now led to the full public exposure of the leaked information.
The breach, which occurred in June 2022, involved 7 million email addresses of OpenSea users.
Crypto Users at Risk After 7 Million OpenSea Emails Go Public
In a tweet on January 13, blockchain security firm SlowMist’s chief information security officer (CISO) said that the leaked email addresses have now been made public.
“Remember the attack on the OpenSea mail service provider in 2024 that led to the leakage of emails? The leaked email addresses have now been fully publicized after multiple disseminations. Please be aware of the risks associated with phishing emails and other potential cyberattacks,” the SlowMist exec said.
According to a screenshot shared by the exec, former Binance CEO CZ’s emails were also leaked.
The initial breach in 2022 was caused by an employee of Customer.io, the email automation service used by OpenSea. The employee reportedly exploited their access to user data and shared it with an external party, leading to the leak.
OpenSea responded at the time by warning users of the phishing threat and advising caution when interacting with unsolicited emails.
Although the breach happened nearly three years ago, the exposed data remained undisclosed until recently. With over 7 million email addresses now fully public, the potential for malicious actors to launch phishing campaigns is significantly higher. Depending on the depth of the exposure, the leak could also involve other personal details.
OpenSea has yet to comment directly on this recent development. OpenSea users, including those with notable holdings, are now at greater risk of being targeted by scammers.
Moreover, crypto phishing attacks in 2024 resulted in $500 million in losses, affecting over 330,000 addresses.
It appears that hackers are also trying to gain control of companies’ X accounts to trick users. Earlier this month, Litecoin reported that unauthorized individuals accessed its official X account and posted fraudulent content, including fake tokens.
SlowMist recommends that vulnerable users change their passwords and enable two-factor authentication on all accounts.
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
