7 million OpenSea emails exposed

A significant data breach involving OpenSea's email service provider has resurfaced, revealing that 7 million email addresses were leaked, escalating concerns over phishing attacks in the cryptocurrency sector.

The breach, which occurred in June 2022, was initially reported by OpenSea on June 29 of that year.

It was caused by an employee of Customer.io, the platform's email automation vendor, who improperly shared user email addresses with an unauthorised party.

Recent updates from SlowMist’s chief information security officer, known as “23pds,” confirmed that the leaked data includes the email addresses of numerous prominent figures and organisations within the crypto industry.

"The amount of leaked data reached 7 million, including a large number of email information of overseas cryptocurrency practitioners," 23pds noted in a tweet.

This incident poses significant risks to the privacy and asset security of individuals in the cryptocurrency space. The leaked emails could be exploited by attackers for phishing schemes, which have been a persistent threat in the industry.

Phishing attacks have become increasingly costly; a report from CertiK revealed that phishing was the most expensive attack vector in 2024, leading to over $1 million in losses from various incidents.

"Please be aware of the risks associated with phishing emails and other potential cyberattacks," 23pds advised, emphasising the need for users to adopt robust security practices.

In light of this breach, experts recommend that affected users create strong, unique passwords and enable two-factor authentication (2FA) using authenticator apps rather than SMS-based methods.

As phishing attempts continue to rise, users are urged to remain vigilant and verify any communications they receive related to their accounts.