The publicization of the OpenSea data leak is a reminder of the broader challenges the cryptocurrency sector faces regarding data security.
A troubling development has emerged in the crypto space as over seven million email addresses, initially leaked during a 2022 OpenSea email vendor breach, have now been made fully public. This revelation, disclosed by SlowMist’s Chief Information Security Officer 23pds on January 13, underscores the heightened risk of phishing and scamming attacks.
The breach originally took place in June 2022, during a period when OpenSea’s popularity was at its peak. Earlier that year, the NFT platform was drawing over 120 million monthly visitors, ranking among the top 400 websites globally and securing the second spot in the Finance category.
In June, OpenSea discovered that an employee of its email automation provider, Customer.io, had exploited their access to download and share users’ email addresses with an unauthorized third party. While OpenSea promptly alerted its users to assume their information had been compromised, the full dataset remained under limited circulation until now.
“Previously, the data had not been widely shared. Now, all the leaked information is accessible to anyone, including malicious actors. This makes all affected individuals more vulnerable to phishing scams and fraud,” reads the translated post by 23pds.
Notably, the leaked dataset includes email addresses belonging to prominent figures, companies, and influencers in the cryptocurrency industry. The implications of this breach are particularly concerning, as phishing attacks often target high-profile individuals to maximize financial and reputational damage.
Risk of Phishing Attacks
The publicization of the OpenSea data leak is a reminder of the broader challenges the cryptocurrency sector faces regarding data security. In one of the most significant incidents, Ledger, a leading hardware wallet manufacturer, suffered a breach that exposed the private information of over 270,000 users in 2020.
Phishing scams, a common consequence of such breaches, are designed to deceive users into revealing sensitive information, such as login credentials and personal details, by posing as legitimate entities.
Cybersecurity firm CertiK reported that over $1 billion was lost to phishing scams in 2024 alone. During the first half of the year, there were more than 250 reported breaches or leaks across cryptocurrency platforms, impacting major players such as Binance, Crypto.com, and eToro.
In light of this renewed threat, SlowMist’s 23pds has advised individuals who suspect their email may have been leaked to take proactive steps. Creating strong, unique passwords and using a password manager can offer a first line of defense, he suggested.
He also advised OpenSea users to remain vigilant for unsolicited emails or messages urging them to act quickly, as these are common tactics used by scammers.
next