by BSCN
January 13, 2025
The breach, caused by an insider at OpenSea's email vendor, Customer.io, initially leaked email addresses of traders, influencers, and key crypto figures.
The security breach that rocked OpenSea in 2022 has taken a new turn as over seven million email addresses are now publicly available, according to SlowMist's Chief Information Security Officer, known as "23pds." This breach, initially reported in June 2022, involved a leak of user email addresses from OpenSea's email vendor, Customer(.)io.
In June 2022, OpenSea was at the height of its success, with over 120 million monthly visitors and ranking among the top 400 global websites. During this time, an employee of Customer(.)io, the email automation provider, exploited their access to extract and share email addresses from OpenSea's user database with an unauthorized third party.
The leak primarily targeted the platform's user base but also compromised prominent figures in the cryptocurrency sector, including Binance’s CEO Changpeng Zhao, leading firms, and industry influencers.
Cybersecurity expert 23pds confirmed on X (formerly Twitter) that the email addresses, including those of industry leaders, influencers, and traders, are now widely accessible. Given their visibility, these individuals are prime targets for phishing attacks, which can cause severe financial and reputational damage.
This data release amplifies the risk for individuals already affected, making them vulnerable to phishing scams and other malicious activities. 23pds emphasized that these email addresses could now be used by bad actors to create convincing phishing attacks.
Phishing scams are already one of the most significant security threats in the crypto space. The compromised data makes it easier for scammers to send deceptive emails resembling legitimate communication from trusted entities like OpenSea. These emails often trick users into clicking malicious links, leading to stolen login credentials, digital assets, or even personal information.
SlowMist’s security expert advised all users whose email addresses were part of the breach to take immediate precautions. These include creating strong, unique passwords for their accounts and using a password manager to store them securely. The use of two-factor authentication (2FA) is also highly recommended, with a preference for authenticator apps over SMS-based 2FA due to their increased security.
Earlier, OpenSea also reinforced these security measures, reminding users to be cautious of emails that appear to come from unofficial OpenSea domains such as “opensae(.)io,” “opensea(.)org,” or “opensea(.)xyz.”
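The sender-domain check that this warning implies, as an added example that is not part of the original article or OpenSea's own tooling. It assumes opensea.io is the official sending domain and compares the last two labels of the domain instead of consulting a public suffix list; the three lookalike domains are the ones named above, and the remaining addresses are constructed.

```python
# Added example: classify an email sender's domain against one official domain.
OFFICIAL = "opensea.io"  # assumption: the platform's legitimate domain

def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(address):
    """Extract the domain from 'user@domain' or 'Name <user@domain>'."""
    return address.rsplit("@", 1)[-1].strip().rstrip(">").rstrip(".").lower()

def classify(address, official=OFFICIAL):
    domain = sender_domain(address)
    if domain == official or domain.endswith("." + official):
        return "official"
    labels = domain.split(".")
    if len(labels) < 2:
        return "unrelated"
    off_label = official.split(".", 1)[0]
    label = labels[-2]  # naive registrable label (no public suffix list)
    if label == off_label:
        return "lookalike-tld"       # same name under a different TLD
    if edit_distance(label, off_label) <= 2:
        return "lookalike-typo"      # swapped or mistyped letters
    if off_label in labels[:-2]:
        return "lookalike-embedded"  # official name used as a subdomain elsewhere
    return "unrelated"

if __name__ == "__main__":
    samples = [  # constructed sender addresses
        "OpenSea <noreply@email.opensea.io>",
        "support@opensae.io",
        "alerts@opensea.org",
        "alerts@opensea.xyz",
        "security@opensea.io.example.net",
        "newsletter@example.com",
    ]
    for s in samples:
        print(f"{classify(s):20} {s}")
```

A mail gateway or user-side filter would treat every `lookalike-*` result as a reason to quarantine or warn, since the leaked address list tells an attacker exactly who is likely to trust a message that appears to come from the marketplace.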
Phishing attacks, which result from such breaches, have become a significant problem, with over $1 billion in digital assets lost to these scams in 2024 alone. According to CertiK, over 250 breaches occurred in the first half of 2024, affecting major platforms such as Binance, Crypto.com, and eToro.
The breach also highlights the vulnerabilities present in third-party services used by crypto platforms. In the case of OpenSea, Customer(.)io, a trusted partner for email automation, was the source of this leak, underlining the need for stronger security measures across all levels of a platform’s infrastructure, especially where sensitive user data is involved.
It adds to a growing list of high-profile incidents, such as Ledger's 2020 breach, which exposed personal details of over 270,000 users.