23pds, the pseudonymous Chief Information Security Officer (CISO) at blockchain security firm SlowMist, has raised concerns about potential phishing attacks targeting more than seven million OpenSea users whose emails were leaked in a June 2022 breach.
23pds stated:
“Remember the attack on the OpenSea mail service provider in 202[2] that led to the leakage of emails? The leaked email addresses have now been fully publicized after multiple dissemination.”
According to 23pds, the exposed data includes the email addresses of high-profile figures in the crypto industry, such as prominent companies, influencers, and key opinion leaders (KOLs).
They noted that this poses significant risks to privacy and asset security in the crypto sector. A screenshot shared by the CISO even revealed that Binance’s former CEO Changpeng Zhao’s email address was among the compromised data.
The data breach traces back to 2022, when an employee of OpenSea’s email vendor, Customer.io, improperly accessed and shared user email addresses with an unauthorized party.
At the time, OpenSea assured users that only those who subscribed to emails or newsletters were affected and urged caution against phishing attempts.
Phishing threats
23pds noted that the public exposure of these emails amplifies concerns about phishing attacks. They added:
“Please be aware of the risks associated with phishing emails and other potential cyberattacks.”
To safeguard against potential attacks, blockchain security firm SlowMist advised affected users to adopt robust security practices. These include using strong, unique passwords, storing them in password managers, and enabling two-factor authentication (2FA) with authenticator apps instead of SMS.
SlowMist stated:
“We also recommend that users use two-factor authentication (2FA) whenever possible, recommending an authenticator app over SMS-based 2FA, and said to keep device software updated.”
These warnings are unsurprising, considering a Scam Sniffer report highlighted that phishing attacks by crypto wallet drainers caused an estimated $500 million in losses in 2024. This marked a 67% increase from the total incidents in 2023 and affected over 330,000 addresses.
The post Crypto industry alarmed as 7 million OpenSea email users’ leak resurfaces appeared first on CryptoSlate.
