Over 7 million OpenSea users are facing renewed security threats after email addresses compromised in a 2022 data breach have recently become publicly available, according to blockchain security firm SlowMist.
In a January 13 post on X, SlowMist’s Chief Information Security Officer, 23pds, revealed that the leaked data had circulated several times before its public exposure, amplifying risks of phishing and other malicious activities. The breach reportedly includes email addresses belonging to prominent figures in the crypto space, such as former Binance CEO Changpeng “CZ” Zhao, as well as companies, influencers, and industry leaders.
In June 2022, a breach occurred involving Customer.io, OpenSea’s email delivery vendor, when an employee misused their access to obtain and share OpenSea users’ email addresses with unauthorized parties. OpenSea advised users to be cautious of phishing attempts, stating that legitimate communications would only originate from the “opensea.io” domain. Despite these warnings, phishing threats continued. In December 2022, attackers took advantage of OpenSea’s gasless transaction feature by creating fraudulent websites that deceived users into signing unauthorized requests, leading to illicit NFT transfers.
In November 2023, phishing campaigns intensified, targeting OpenSea developers with fraudulent alerts about developer accounts, raising concerns about potential breaches of their contact information.
By January 2024, scammers shifted to targeting users, sending emails promoting a fake exclusive NFT minting event featuring Nike and RTFKT. Victims were deceived into visiting harmful websites, believing they were selected for the limited-edition event, which led to the theft of their wallet details and funds.
Phishing scams remain a significant threat in the cryptocurrency sector, with a CertiK report indicating over $750 million lost to these scams and private key breaches in Q3 2024. Although security incidents dropped to just over 150, total losses increased by 9.5% from the previous quarter. Throughout 2024, hackers stole nearly $2 billion, with $505.5 million lost in Q1 and $687.5 million in Q2.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
