Over 7 Million OpenSea User Emails Publicly Leaked, SlowMist Warns of Increased Phishing Risks

The email addresses of over 7 million OpenSea users have been fully publicized online, following a data breach involving the marketplace’s email vendor in June 2022, according to blockchain security firm SlowMist. This latest development raises significant concerns over potential phishing and scam attacks.Details of the BreachThe leak originates from Customer.io, OpenSea’s email automation vendor, whose employee leaked user emails to an outside party.While the breach was initially reported on June 29, 2022, the data has now been fully publicized, making it available to bad actors worldwide.A Telegram message shared by SlowMist’s 23pds shows a file titled “opensea.io_mail_list.rar”, reportedly containing 7 million email addresses.Impact on the Crypto CommunityThe leaked data includes the email addresses of prominent cryptocurrency practitioners, companies, and key opinion leaders (KOLs), exposing them to targeted phishing attacks.Phishing scams accounted for over $1 billion in stolen digital assets across 296 incidents in 2024, making it the costliest attack vector of the year, according to CertiK.Protecting Yourself from Phishing ScamsUse strong and unique passwords stored securely in a password manager.Enable two-factor authentication (2FA), preferably through an authenticator app rather than SMS.Keep device software updated to mitigate security vulnerabilities.OpenSea’s ResponseWhen the breach was first discovered, OpenSea advised users to assume their email addresses were impacted and pledged to cooperate with law enforcement and Customer.io in the ongoing investigation, according to Cointelegraph.