Over 7 million OpenSea users face increased security risks after email addresses from a 2022 breach were publicly leaked. Blockchain security firm SlowMist’s chief security officer, known as 23pds, alerted the crypto community on Jan. 13 about the compromised data’s widespread dissemination.
The leaked emails reportedly include addresses of high-profile individuals and organizations, such as former Binance CEO Changpeng “CZ” Zhao, further amplifying potential threats to privacy and asset security.
Breach Details and Initial Response
The breach originated in June 2022 when an employee of Customer.io, OpenSea’s email delivery vendor, illicitly shared user and subscriber email data with an unauthorized party. OpenSea responded by warning users to stay cautious of phishing scams and impersonation attempts, emphasizing that official communication comes only from the “opensea.io” domain.
Rising Phishing Threats
Since the breach, OpenSea users have been repeatedly targeted by phishing campaigns:
- December 2022: Attackers exploited OpenSea’s gasless transaction feature via phishing sites, tricking users into unintentionally approving private sales of NFTs.
- November 2023: Developers received fake alerts about account risks, a phishing attempt that suggested a potential leak of developer contact details.
- January 2024: Scammers impersonated a Nike and RTFKT NFT collaboration, using fake emails to direct victims to malicious sites.
Staying Vigilant
Experts recommend that users verify email sources, avoid suspicious links, enable two-factor authentication, and never share private wallet keys. With phishing scams evolving, the publicized leak underscores the need for heightened security awareness within the crypto community.