Key Points
- Over 7 million OpenSea users are at risk following a 2022 data breach where email addresses were compromised and made public.
- The leaked data, which includes prominent figures and companies in the crypto industry, increases the risk of phishing and other attacks.
The security of over 7 million OpenSea users has been compromised due to a data breach in 2022.
This breach resulted in the public release of their email addresses.
Increased Risk of Phishing and Attacks
The chief information security officer of blockchain security company SlowMist, 23pds, has indicated that this breach has significantly increased the risk of phishing and other attacks.
On January 13, 23pds alerted the crypto community that the compromised data had been circulated multiple times before being made public.
The leaked data contains email addresses of notable figures in the cryptocurrency industry, such as former Binance CEO Changpeng “CZ” Zhao.
It also includes well-known companies, key opinion leaders, and other influential individuals.
This poses additional threats to the privacy and asset security of the crypto industry in the future.
Details of the Breach
The email addresses were compromised in a June 2022 incident involving a Customer.io employee.
This employee, who worked for OpenSea’s email delivery vendor, misused their access to download and share email addresses provided by OpenSea users and newsletter subscribers with an unauthorized third party.
OpenSea, one of the largest NFT marketplaces, has been targeted by phishing scammers multiple times.
In December 2022, a blockchain security platform alerted users that attackers were using phishing websites to exploit OpenSea’s gasless transaction feature.
Phishing scams remain a major threat for cryptocurrency enthusiasts due to their many forms, making them difficult to trace and even harder to prevent effectively.
Experts advise users to stay vigilant by verifying email sources, avoiding clicking on unknown links, enabling two-factor authentication, and never sharing private wallet keys or sensitive information online.