- Millions of OpenSea user addresses stolen in 2022 have been publicized
- The list includes emails associated with top crypto executives like former Binance CEO Changpeng Zhao
- Security experts warn that the publication may increase scamming activities
The attackers that stole millions of email addresses from NFT marketplace OpenSea’s mail service provider in 2022 have released them to the public. The leaked emails include those of top crypto executives like the former Binance CEO Changpeng Zhao. security experts have warned that the emails are likely to give scammers a new lifeline, something that may increase scamming attempts and consequently the amount stolen.
All OpenSea Users Impacted?
SlomMist’s lead security officer, pseudonymously known on X as “23pds,” revealed the emails’ publication. According to the SlomMist executive, the emails were “fully publicized after multiple disseminations.”
💥记得 2024 年 OpenSea 邮件服务商遭攻击导致邮件泄露的事件吗?经过多次传播,目前泄露的邮件地址已被完全公开。请务必注意相关风险,警惕钓鱼邮件和其他潜在的网络攻击! @cz_binance 邮件地址也在其中:-) Remember the attack on the OpenSea mail service provider in 2024 that led to the… pic.twitter.com/LcOyFaFuAz
— 23pds (山哥) (@im23pds) January 13, 2025
The executive noted that the list contains seven million addresses, including those of international crypto entities like celebrities, companies, and top industry figures. He said that this is the first time the list has been shared in its entirety since June 2022.
The NFT exchange had previously revealed the emails were leaked by an employee of its email vendor, Customer.io. Announcing the incident on June 29, 2022, OpenSea said that all its users “should assume [they] were impacted.”
An employee of our email vendor, https://t.co/6vM4WAcJal, misused their employee access to download & share email addresses with an unauthorized external party.
Email addresses provided to OpenSea by users or newsletter subscribers were impacted.https://t.co/Osb6qqkqZZ
— OpenSea (@opensea) June 30, 2022
OpenSea disclosed that it had involved law enforcement agencies. The NFT marketplace advised users to stay vigilant and be “alert for any attempt to impersonate OpenSea via email.” It also asked users to never download email attachments or sign a wallet transaction originating directly from an email.
It’s Not the First Incident
The incident isn’t the first to impact OpenSea users. In May 2022, hackers infiltrated the marketplace’s Discord server and stole user details. In January of the same year, malicious actors compromised the platform’s security causing $1.8 million in losses.
The revelations come a few days after blockchain security firm PeckShield reported that scammers pocketed more than $800 million in 2024.
With the leaked email list likely to make crypto scammers’ work easier, scammers may pocket more funds this year compared to last year.
