Over seven million email addresses compromised in a 2022 data breach involving OpenSea’s email provider have now been completely exposed online, creating new opportunities for phishing and scams.
“Remember the attack on OpenSea’s email service provider in 2022 that resulted in a data leak? Email addresses have now been fully advertised after several rounds of deployment,” SlowMist’s cybersecurity manager, known as “23pds,” wrote in a January 13, 2025 post on X.
2022 OpenSea data breach resurfaces
23pds clarified that although the breach occurred in June 2022, the compromised data only became publicly available recently. “Previously, the data had not been made public. It is now fully accessible to anyone and allows attackers to exploit it for phishing and scams,” they said.
A screenshot showed a Telegram message containing an attachment called “opensea.io_mail_list.rar,” which supposedly includes seven million entries.
According to 23pds, the leaked data includes email addresses belonging to cryptocurrency professionals, businesses, and key opinion leaders (KOLs) around the world.
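In 2024, OpenSea… addresses have been fully made public. Please be aware of the related risks and beware of phishing emails and other potential cyberattacks! @cz_binance's email address is also among them 🙂 Remember the attack on email service provider OpenSea in 2024 that led to the… pic.twitter.com/LcOyFaFuAz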
— 23pds (山哥) (@im23pds) January 13, 2025
OpenSea, a leading non-fungible token (NFT) marketplace, initially disclosed the data breach in June 2022. The company revealed that an employee of its email automation provider, Customer.io, had leaked the list of OpenSea customer emails to an external party.
“If you have shared your email with OpenSea in the past, you should assume you were hit,” the platform warned at the time.
To mitigate risks, 23pds recommended that individuals take strong cybersecurity measures, such as creating strong, unique passwords and using password managers for secure storage.
They also recommended enabling two-factor authentication (2FA), favoring authenticator apps over SMS-based 2FA, and ensuring your device software is updated.
Phishing scams continue to pose significant threats. In 2024 alone, phishing attacks accounted for more than $1 billion in stolen digital assets in 296 incidents, according to CertiK, a blockchain security firm.
“Phishing was the most expensive attack vector last year,” a CertiK spokesperson said. They noted that actual losses could be even higher, considering unreported incidents and other forms of phishing, such as “pig butchering” schemes.
Web3 workers targeted by malware campaign
Last month, cybersecurity firm Cado Security Labs warned that Web3 professionals have become the latest victims of a sophisticated malware campaign that uses fake meeting apps to steal sensitive credentials and crypto assets.
In a report, Tara Gould, head of threat research at Cado, detailed that scammers are leveraging artificial intelligence (AI) to create convincing websites and social media profiles that imitate legitimate companies.
The malicious app, initially called “Meeten,” has undergone several rebrandings. It now operates as “Meetio” and previously used domains such as Clusee.com, Cuesee, Meeten.gg and Meetone.gg.
Once downloaded, the app deploys a Realst information stealer to extract sensitive data, including Telegram logins, banking information, and cryptocurrency wallet credentials.
Similar patterns have emerged recently. In August, on-chain investigator ZachXBT identified 21 developers, possibly linked to North Korea, using fake identities to infiltrate crypto projects.
Additionally, in September, the FBI warned of North Korean hackers targeting crypto firms and decentralized finance (DeFi) projects with malware disguised as job offers.
The post Over 7 Million OpenSea Emails Leaked Online, Sparking Scam Concerns appeared first on 99Bitcoins.