The email addresses leaked in the OpenSea cyber-attack 2022 remain completely exposed, with millions causing anxiety in the cryptocurrency sector. Security researchers and cybersecurity analysts, however, note that the leaked data would make phishing attacks against users of the NFT platform much easier to pull off.
Details of the OpenSea data breach
OpenSea, for instance, shared in June 2022 that an email from the firm’s Customer.io provider exposed over seven million email addresses to a third party. OpenSea released a press release urging customers to presume their email information was compromised and stating that the incident had been reported to local authorities.
Despite being completed in 2022, when sensitive information was made public, the exposure that caused the data breach only surfaced until the end of 2024. It was plugged in this month while the stolen email addresses were circulated throughout the website. SlowMist’s Chief Information Security Officer 23pds mentioned that the leaking dataset includes addresses related to industry leaders, entrepreneurs, and opinion leaders.
Security risks for users
The leakage of these email addresses has primarily caused concern, as the world stands a high chance of experiencing massive phishing scams. Fraudsters are certain to capitalize on the leaked information by sending genuine reports that users are likely to give out their details or give the scammers a chance to get into their cryptocurrency wallets.
We can admit that phishing is one of today’s most dangerous threats. CertiK estimated that $989 million of digital assets were stolen during 296 phishing attacks in 2024. The actual total losses are estimated to be much higher since most cases go unreported.
Preventive measures for users
Based on the risks, 23pds has offered some tips to users who think their email addresses are compromised. People are encouraged not to use the same password for different accounts and to use managers to store them safely. Two-factor authentication must be employed correctly, while simple solutions such as Google Authenticator or Authy are preferred over SMS codes.
Moreover, the authors recommend that users not open links or attachments from unknown individuals while using the site. Another reason for maintenance is to bring in new updates to keep up with the latest security fixes in case hackers find weaknesses in these programs.
The incident involving OpenSea raises the question for all professionals active in the crypto and blockchain space: What cybersecurity measures should be adopted and adhered to? In light of the increasing number of phishing attacks, users are requested to be careful to prevent the loss of money and other valuable information.