The Dangers of Phishing Attacks on OpenSea Users
23pds, the Chief Information Security Officer (CISO) at blockchain security firm SlowMist, has recently expressed concern about potential phishing attacks targeting over seven million OpenSea users whose emails were leaked in a breach that occurred in June 2022.
Concerns Raised by 23pds
“Remember the attack on the OpenSea mail service provider in 2022 that led to the leakage of emails? The leaked email addresses have now been fully publicized after multiple disseminations.”
According to 23pds, the leaked data includes email addresses belonging to well-known companies, influencers, and key opinion leaders (KOLs) in the crypto industry. The exposure of this information poses significant risks to privacy and asset security within the crypto sector. Notably, even Binance’s former CEO, Changpeng Zhao, had his email address compromised in the breach.
Origin of the Data Breach
The data breach can be traced back to 2022, when an employee of OpenSea’s email vendor, Customer.io, inappropriately accessed user email addresses and shared them with an unauthorized party. At the time, OpenSea assured users that only those who subscribed to emails or newsletters were impacted and advised caution against phishing attempts.
Phishing Threats and Security Recommendations
“Please be aware of the risks associated with phishing emails and other potential cyberattacks.”
To mitigate the risks of potential attacks, SlowMist recommends that affected users implement robust security practices. These include using strong, unique passwords, utilizing password managers, and enabling two-factor authentication (2FA) with authenticator apps instead of SMS.
“We also recommend that users use two-factor authentication (2FA) whenever possible, recommending an authenticator app over SMS-based 2FA, and keep device software updated.”
It is crucial for users to remain vigilant against phishing attacks, especially in light of reports indicating that such attacks led to approximately $500 million in losses in 2024. These incidents affected over 330,000 addresses, marking a significant increase from the previous year.