- Over seven million email addresses from a 2022 OpenSea data breach have recently been made public, exposing users to heightened phishing and scamming risks.
- SlowMist advises impacted users to enhance security measures, including strong passwords, two-factor authentication, and updated software, to mitigate potential threats.
A significant cybersecurity concern has reemerged in the cryptocurrency space as the fallout from the 2022 OpenSea email vendor leak takes a new turn. Over seven million email addresses, originally compromised in the breach, have now been fully publicized online, creating fresh opportunities for scammers to exploit unsuspecting users. The development was highlighted by SlowMist’s chief information security officer, “23pds,” in a recent post on X.
“Remember the attack on the OpenSea mail service provider in 2022 that led to the leakage of emails? The leaked email addresses have now been fully publicized after multiple disseminations,” 23pds wrote on January 13.
The original breach occurred in June 2022, when an employee of OpenSea’s email automation provider, Customer.io, leaked customer emails to an unauthorized third party. At the time, OpenSea, a leading NFT marketplace, warned users about the breach and advised caution. However, the leaked data had not been made publicly available—until now.
Speaking to Cointelegraph, 23pds emphasized the heightened risks stemming from the breach’s newfound public exposure. “All groups of attackers can now use this information to go phishing and scamming,” they explained. The leaked data reportedly includes a broad range of sensitive information, spanning from individual users to prominent figures and companies within the crypto industry.
A Telegram post shared by 23pds revealed an attachment named “opensea.io_mail_list.rar,” purportedly containing the full cache of leaked email addresses. The data set, reaching 7 million entries, is said to include information on overseas cryptocurrency practitioners, key opinion leaders (KOLs), and well-known industry players.
Protecting Against Phishing Scams
The public dissemination of this data presents significant risks, as phishing attacks remain a dominant threat to digital security. In 2024 alone, phishing scams were responsible for over $1 billion in stolen digital assets across 296 recorded incidents, according to blockchain security firm CertiK.
SlowMist has offered proactive advice to mitigate these risks. Users who suspect their email address was compromised should prioritize creating strong, unique passwords for all accounts and use a password manager to securely store them. The company also strongly recommends enabling two-factor authentication (2FA), preferably through an authenticator app rather than SMS-based methods, which are more vulnerable to interception.
Keeping devices updated with the latest software is another crucial step in minimizing security vulnerabilities.
A Cautionary Tale
The OpenSea breach underscores the long-term consequences of data leaks in the crypto and NFT sectors. While OpenSea initially took steps to notify affected users and involve law enforcement, the public exposure of this data amplifies the risks to users, particularly as attackers exploit the information for phishing schemes.