A major data breach stemming from an OpenSea email vendor leak in 2022 has resurfaced, with over seven million email addresses now fully publicized online. This development exposes cryptocurrency enthusiasts and industry figures to heightened risks of phishing and scams.
The disclosure was highlighted by SlowMist, a blockchain security firm, whose Chief Information Security Officer, "23pds," issued a warning on January 13. “The leaked email addresses have now been fully publicized after multiple disseminations,” the security expert stated.
Details of the Leak
The initial breach occurred in June 2022, when an employee of OpenSea’s email automation platform, Customer.io, leaked customer email addresses to an external party. At the time, OpenSea warned its users, advising anyone who had shared their email with the platform to assume they were affected. The incident was reported to law enforcement, and investigations were initiated by Customer.io.
Until recently, the data had been circulating privately. Now that it has been fully publicized, attackers have unrestricted access to the compromised email addresses. According to SlowMist, the dataset includes email addresses belonging to high-profile individuals, companies, and key opinion leaders (KOLs) in the cryptocurrency sector.
A screenshot shared by SlowMist shows a Telegram message from December 26, 2024, containing an attachment named "opensea.io_mail_list.rar." The attachment reportedly includes all seven million entries, making it a lucrative resource for cybercriminals.
Increased Risk of Scams
Experts warn that the public availability of the leaked data significantly increases the risk of phishing and fraud. Attackers can now exploit the email list to target victims with sophisticated scams. Cryptocurrency practitioners and users are particularly vulnerable, as scammers often leverage industry-specific knowledge to craft convincing phishing schemes.
What Users Should Do
In light of the situation, users are urged to remain vigilant against unsolicited emails, especially those requesting personal information or cryptocurrency transfers. It is also advisable to enable multi-factor authentication (MFA) on all accounts and avoid clicking on links or downloading attachments from unknown sources.