Millions of OpenSea user emails leaked in 2022 now fully public: SlowMist

As many as 7 million OpenSea customer emails stolen in a 2022 breach have now been “fully publicized” online, a SlowMist executive has warned.
Over seven million email addresses compromised in an OpenSea email vendor leak in 2022 have recently been “fully publicized” online — giving scammers a new treasure trove of information to work with, warns a SlowMist executive. 

“Remember the attack on the OpenSea mail service provider in [2022] that led to the leakage of emails? The leaked email addresses have now been fully publicized after multiple disseminations,” SlowMist’s chief information security officer, “23pds,” wrote in a Jan. 13 post on X. 

Speaking to Cointelegraph, 23pds explained that while the attack occurred in June 2022, the data had not been made public until recently, meaning “all groups of attackers can use this information to go phishing and scamming.”

“Previously, it was not made public. Now all the leaked data has been made public in its entirety and is available to anyone who wants it.”

23pds shared a screenshot with Cointelegraph showing a Telegram message with an attachment named “opensea.io_mail_list.rar,” which purportedly holds 7 million entries. 

Screenshot of a Dec. 26 Telegram post containing the leaked email addresses as an attachment. Source: 23pds/SlowMist

“The amount of leaked data reached 7 million, including a large number of email information of overseas cryptocurrency practitioners, including many well-known people, companies and key opinion leaders (KOLs) in the industry,” 23pds said on X, in a post originally written in Chinese.

OpenSea, one of the world’s largest non-fungible token (NFT) marketplaces, first warned customers of a data leak on June 29, 2022, after discovering that an employee of Customer.io — its email automation platform — leaked the list of OpenSea customer emails to an outside party. 

“If you have shared your email with OpenSea in the past, you should assume you were impacted. We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement,” it said at the time. 

Preventing phishing scams 

23pds advised those who believe their email was leaked to create strong and unique passwords and use a password manager to store them securely.

They advised the use of two-factor authentication (2FA) wherever possible, recommending an authenticator app over SMS-based 2FA, and said to keep device software updated.

Phishing scams were one of the most significant security threats of 2024, with attackers able to make off with over $1 billion of stolen digital assets from 296 incidents in the year, according to CertiK. 

“Phishing was the most costly attack vector last year,” a CertiK spokesperson previously told Cointelegraph. “Our figures are conservative, the actual figure is higher when you consider unreported incidents and other types of phishing scams like pig butchering.”
