Email addresses of over 7 million OpenSea users, compromised in a 2022 breach, are now completely exposed to the public, escalating the incident into a major security concern, according to blockchain security firm SlowMist.
The breach originally occurred in June 2022 when an employee at Customer.io, OpenSea's email delivery vendor, improperly accessed and shared user email addresses with an unauthorized party. The leaked data includes email addresses of prominent crypto industry figures, including former Binance CEO Changpeng "CZ" Zhao, as well as various companies and influential individuals.
SlowMist's chief information security officer, known as 23pds, revealed on January 13 that the compromised data had been circulated multiple times before becoming fully public. This exposure dramatically increases the risk of phishing attacks and other cyber threats targeting OpenSea users.
The NFT marketplace has previously faced several security challenges. In December 2022, attackers exploited OpenSea's gasless transaction feature through phishing websites. More recently, in January 2024, scammers targeted users with fake emails about an exclusive Nike and RTFKT NFT collaboration.
To protect themselves, users are advised to:
- Enable two-factor authentication
- Avoid clicking suspicious links
- Never share private wallet keys
- Verify email sources carefully
- Be cautious of unsolicited communications
OpenSea had initially warned users about potential phishing attempts following the 2022 breach, emphasizing that official communications would come only from the opensea.io domain. The company has not yet commented on the public exposure of the leaked data.