Over seven million email addresses, compromised during a 2022 data breach involving OpenSea’s email vendor, have now been fully exposed online, creating new opportunities for phishing and scams.
“Remember the attack on OpenSea’s email service provider in 2022 that resulted in a data leak? The email addresses have now been entirely publicized after several rounds of dissemination,” SlowMist’s chief information security officer, known as “23pds,” wrote in a 13 January 2025 post on X.
2022 OpenSea Data Breach Resurfaces
23pds clarified that while the breach occurred in June 2022, the compromised data only became publicly available recently. “Previously, the data wasn’t made public. Now, it’s fully accessible to anyone, allowing attackers to exploit it for phishing and scams,” they said.
A screenshot showed a Telegram message containing an attachment named “opensea.io_mail_list.rar,” which allegedly includes seven million entries.
According to 23pds, the leaked data includes email addresses belonging to cryptocurrency professionals, companies, and key opinion leaders (KOLs) worldwide.
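Remember the 2024 incident in which OpenSea's email service provider was attacked, leading to an email leak? After multiple rounds of circulation, the leaked email addresses have now been made fully public. Please be aware of the related risks, and watch out for phishing emails and other potential cyber attacks! @cz_binance's email address is also among them :-) pic.twitter.com/LcOyFaFuAz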
— 23pds (山哥) (@im23pds) January 13, 2025
OpenSea, a leading non-fungible token (NFT) marketplace, initially disclosed the data breach in June 2022. The company revealed that an employee of its email automation provider, Customer.io, had leaked the list of OpenSea customer emails to an external party.
“If you shared your email with OpenSea in the past, you should assume you were impacted,” the platform warned at the time.
To mitigate risks, 23pds recommended affected individuals adopt robust cybersecurity measures, such as creating strong, unique passwords and using password managers for secure storage.
They also advised enabling two-factor authentication (2FA), favoring authenticator apps over SMS-based 2FA, and ensuring device software is up to date.
Phishing scams continue to pose significant threats. In 2024 alone, phishing attacks accounted for over $1 billion in stolen digital assets across 296 incidents, according to CertiK, a blockchain security firm.
“Phishing was the most costly attack vector last year,” a CertiK spokesperson stated. They noted that the actual losses could be even higher, considering unreported incidents and other forms of phishing, such as “pig butchering” schemes.
Web3 Workers Targeted By Malware Campaign
Last month, cybersecurity firm Cado Security Labs warned that Web3 professionals have become the latest victims of a sophisticated malware campaign that employs fake meeting apps to steal sensitive credentials and crypto assets.
In a report, Cado’s threat research lead, Tara Gould, detailed that scammers are leveraging artificial intelligence (AI) to craft convincing websites and social media profiles that mimic legitimate companies.
The malicious app, initially called “Meeten,” has undergone several rebrands. It now operates as “Meetio” and previously used domains such as Clusee.com, Cuesee, Meeten.gg, and Meetone.gg.
Once downloaded, the app deploys a Realst information stealer to extract sensitive data, including Telegram logins, banking information, and cryptocurrency wallet credentials.
Similar schemes have surfaced recently. In August, on-chain investigator ZachXBT identified 21 developers, likely linked to North Korea, using fake identities to infiltrate crypto projects.
Additionally, in September, the FBI warned of North Korean hackers targeting crypto firms and decentralized finance (DeFi) projects with malware disguised as job offers.
The post Over 7 Million OpenSea Emails Leaked Online, Sparking Scam Concerns appeared first on 99Bitcoins.