Email addresses of over 7m OpenSea users published online

Email addresses of more than 7m users of the OpenSea NFT marketplace, compromised in a leak several years ago, have surfaced online. The disclosure came from SlowMist’s head of information security, known as 23pds.

?记得 2024 年 OpenSea 邮件服务商遭攻击导致邮件泄露的事件吗？经过多次传播，目前泄露的邮件地址已被完全公开。请务必注意相关风险，警惕钓鱼邮件和其他潜在的网络攻击！ @cz_binance 邮件地址也在其中:-) Remember the attack on the OpenSea mail service provider in 2024 that led to the… pic.twitter.com/LcOyFaFuAz

— 23pds (山哥) (@im23pds) January 13, 2025

“The leaked addresses have been fully published after multiple rounds of dissemination. Please be mindful of the risks of phishing and other potential cyberattacks,” the specialist warned.

He said the list of affected users includes well-known companies and key opinion leaders (KOLs) in the crypto industry.

The data were first compromised in June 2022, when an employee of email service provider Customer.io, which served OpenSea, passed the marketplace’s client addresses to a third party.

23pds объяснил to Cointelegraph that these data did not appear in the public domain until late December 2024. They have now been posted “in full”. The expert shared with reporters a screenshot of a Telegram message purportedly containing an archive of the stolen addresses.

The SlowMist specialist advised affected users to remain vigilant and to use app-based multi-factor authentication instead of SMS.

In early January, analysts at CertiK warned of a growing phishing threat, citing a rise in such attacks and the scale of losses.