Millions of OpenSea User Emails Fully Public Now

Over 7 million email addresses were compromised in the 2022 OpenSea data breach and are now publicly available.

SlowMist, a prominent blockchain security firm, reported in its Jan. 13 post that the hacker’s latest move might increase the risks of phishing and scams for owners of the emails. According to the firm, the hacker exposed the email addresses on multiple public websites.

The malicious actors obtained the emails during the Jul. 2022 breach of Customer.io, an OpenSea email automation vendor. The leaked file contains emails of decision-makers in various crypto companies and key opinion leaders (KOLs).

Thus, exposing such data poses critical risks to their digital security.

Telegram File Reveals Extent of the OpenSea Breach

23pds, the chief security officer of SlowMist, uploaded a screenshot of a Telegram compressed file named “opensea.io_mail_list.rar,” which allegedly contains the dataset. The handle also expressed growing concerns about phishing scams and related vulnerabilities in the crypto sector.

Following the breach in 2022, OpenSea asked users to be vigilant and take swift action if they suspected a threat. The firm then reported the issue to law enforcement agencies and launched an investigation with Customer.io.

The firm further suggested some security measures its users could implement, like changing passwords. Other measures include activating 2-factor authentication (2FA) and ensuring their software is up to date.

The crypto industry has faced several threats over the years, with phishing scams growing alarmingly. A recent Certik report showed that 296 phishing attacks in 2024 resulted in over $1 billion in stolen funds.

The firm that the reported figure is low because many cases go unreported. The emergence of pig butchering, rug pulling, and other sophisticated scams deepen users’ concerns.

Ripple CTO Warns Against Clicking on a Phishing Link

Meanwhile, Ripple CTO David Schwartz has exposed an email purportedly from Coinbase. The text asked the recipients to click a link to update their account information and explained that doing so would ensure better usability.

Schwartz pointed out that every email like this is a scam. He also shared his stance about airdrops, stating that they could lead to severe financial losses due to their tax implications in various countries.