7 Million OpenSea Addresses Leaked in 2022 Breach, SlowMist Confirms

The data breach OpenSea’s email service provider which occurred in June 2022 resulted in the leak of 7 million email addresses.

Experts have found that this includes many well-known people, firms as well as key opinion leaders (KOLs) in the crypto industry.

OpenSea Breach

According to the latest update shared by SlowMist’s pseudonymous chief information security officer, “23pds,” the leaked data included the email addresses of numerous crypto industry professionals, such as Binance founder and former CEO, Changpeng ‘CZ’ Zhao.

23pds tweet read,

“The amount of leaked data reached 7 million, including a large number of email information of overseas cryptocurrency practitioners, including many well-known people, companies and key opinion leaders (KOLs) in the industry, which may pose further threats to the privacy and asset security of the cryptocurrency industry in the future.”

OpenSea – which happens to be one of the largest NFT marketplaces in the world – initially alerted its customers to the breach on June 29, 2022, during which it identified that an employee of Customer.io, its email automation vendor, had leaked the email addresses to an external party. Customer.io later confirmed that the breach also compromised the customer data of five other companies, although it did not disclose their identities.

Although the breach took place more than two years ago, this information wasn’t publicly disclosed until recently, allowing attackers to exploit it for phishing and scams.

Billions Lost to Phishing Attacks

CertiK’s recent report revealed that phishing emerged as the most costly attack vector in 2024, which led to $1.05 million in losses from 296 incidents, including three cases where losses surpassed $100 million. This accounted for nearly half of the total stolen value that year and 39.1% of the total incidents, indicating that phishing generally results in higher losses per attack compared to other vulnerabilities.

The blockchain security firm explained that phishing remains popular among attackers because it is simple and effective. It exploits human weaknesses rather than just targeting technical systems. Through deceptive emails, fake websites, or fraudulent messages, attackers manipulate users into sharing sensitive data like passwords, private keys, or wallet addresses.

In the crypto industry, phishing is especially devastating due to the irreversible nature of transactions, as stolen funds cannot be recovered unless returned by the attacker. As such, quarterly losses from phishing were highest in the second quarter of 2024, recording over $433 million.