23pds, the pseudonymous Chief Information Security Officer (CISO) at blockchain security firm SlowMist, has raised concerns about potential phishing attacks targeting more than seven million OpenSea users whose emails were leaked in a June 2022 breach.
23pds stated:
“Bear in mind the assault on the OpenSea mail service supplier in 202[2] that led to the leakage of emails? The leaked email addresses have now been totally publicized after a number of dissemination.”
According to 23pds, the exposed data includes the email addresses of high-profile figures in the crypto industry, such as prominent companies, influencers, and key opinion leaders (KOLs).
They noted that this poses significant risks to privacy and asset security in the crypto sector. A screenshot shared by the CISO even revealed that Binance’s former CEO Changpeng Zhao’s email address was among the compromised data.
The data breach traces back to 2022, when an employee of OpenSea’s email vendor, Customer.io, improperly accessed and shared user email addresses with an unauthorized party.
At the time, OpenSea assured users that only those who subscribed to emails or newsletters were affected and urged caution against phishing attempts.
Phishing threats
23pds noted that the public exposure of these emails amplifies concerns about phishing attacks. They added:
“Please concentrate on the dangers related to phishing emails and different potential cyberattacks.”
To safeguard against potential attacks, blockchain security firm SlowMist advised affected users to adopt strong security practices. These include using strong, unique passwords, storing them in password managers, and enabling two-factor authentication (2FA) with authenticator apps instead of SMS.
SlowMist stated:
“We additionally suggest that customers use two-factor authentication (2FA) whenever possible, recommending an authenticator app over SMS-based 2FA, and stated to maintain system software up to date.”
These warnings are unsurprising, considering a Scam Sniffer report highlighted that phishing attacks by crypto wallet drainers caused an estimated $500 million in losses in 2024. This marked a 67% increase from the total incidents in 2023 and affected over 330,000 addresses.