SlowMist confirms that 7 million OpenSea addresses were leaked in 2022

The OpenSea email service provider data breach that occurred in June 2022 led to the leak of 7 million email addresses.

Experts have found that this includes many well-known individuals, companies and key opinion leaders (KOLs) in the crypto industry.

OpenSea breach

According to the latest update shared by SlowMist’s information security chief under the pseudonym ’23pds’, the leaked data included the email addresses of numerous crypto industry professionals, including Binance founder and former CEO Changpeng ‘ CZ’ Zhao.

23pds tweet read,

“The amount of leaked data reached 7 million, including a large number of email information of cryptocurrency professionals abroad, including many well-known people, companies and key opinion leaders (KOLs) in the industry, which may pose further threats to the privacy and security of assets in the cryptocurrency industry in the future.”

OpenSea, which happens to be one of the largest NFT marketplaces in the world, initially alerted its customers to the breach on June 29, 2022, during which it identified that an employee of Customer.io, its provider email automation, had leaked the email. addresses to an external party. Customer.io later confirmed that the breach also compromised customer data from five other companies, although it did not disclose their identities.

Although the breach took place more than two years ago, this information was not publicly disclosed until recently, allowing attackers to exploit it for phishing and scams.

Billions lost to phishing attacks

CertiK’s recent report revealed that phishing emerged as the costliest attack vector in 2024, leading to losses of $1.05 million across 296 incidents, including three cases where losses exceeded the 100 million dollars. This accounted for nearly half of the total stolen value that year and 39.1% of total incidents, indicating that phishing generally results in higher losses per attack compared to other vulnerabilities.

The blockchain security company explained that phishing remains popular with attackers because it is simple and effective. It takes advantage of human weaknesses instead of focusing only on technical systems. Using deceptive emails, fake websites, or fraudulent messages, attackers trick users into sharing sensitive data such as passwords, private keys, or wallet addresses.

In the crypto industry, phishing is particularly devastating due to the irreversible nature of transactions, as stolen funds cannot be recovered unless the attacker returns them. Therefore, quarterly fishing losses were highest in the second quarter of 2024, registering more than $433 million.

SPECIAL OFFER (Sponsored) Binance Free $600 (Exclusive to CryptoPotato): Use this link to register a new account and receive an exclusive welcome offer of $600 to Binance (full details).

LIMITED OFFER for CryptoPotato readers on Bybit – Use this link to register and open a FREE $500 position with any currency!