Binance, Coinbase, and Crypto.com Addresses Found in OpenSea's Massive Email Leak

By Leakd.com Authors

January 13, 2025

opensea leak featured — NFTs published by OpenSea on Instagram.

It took more than two years for the threat actor of OpenSea's multimillion-user base to publish the data online. Leaked emails include addresses used by the employees of Binance, Coinbase, and Crypto.com.

An analysis by LEAKD found 16 “@binance.com” emails, including the one attributed to Changpeng Zhao (CZ), the co-founder of Binance, 24 “@coinbase.com” emails, and 14 “@crypto.com” email addresses.

LEAKD has found that there are nearly 7 million email addresses published online in total.

opensea leak — Image: Leaked file contents and the total number of records.

LEAKD has found that the database seems to have started circulating on a popular hacker forum in October 2024 by a user who has since been banned. The forum moderator shared the last known IP address of the threat actor which indicates a Pak Kret city near Bangkok, Thailand, and using JasTel internet provider.

opensea leak hacker forum — Image: The first OpenSea email list on a hacker forum.

The threat actor seems to be an enjoyer of anime and Roblox, his public accounts point to a birth year of 1996 and all match Philipine's location which correlates with an IP address given in the forum ban note.

opensea threat actor — Image: One of the accounts on an anime website that seems to belong to the threat actor.

Another interesting note is one of the accounts on DeviantArt that matches the birthdate, location, and username, has a note saying “ALL FEDERAL AGENTS” and an expired link to a Discord server linked to the Roblox game.

opensea leak massage — Image: Allegedly a Threat Actors DeviantArt account with a message to federal agents.

23pds, the pseudonymous CISO at SlowMist, a crypto security specialist, also stated today that "the leaked email addresses have now been fully publicized after multiple disseminations."

23pds warned owners of the leaked addresses to be aware of the risks associated with phishing emails and other potential cyberattacks. Meanwhile, in a separate post, SlowMist advised users to create strong email passwords and use a password manager to store them securely. Two-factor authentication (2FA) might also add an extra layer of security.

How to protect yourself

In June 2022, OpenSea confirmed that an employee of Customer.io, their email delivery vendor, misused access to download and share email addresses—provided by OpenSea users and subscribers to their newsletter—with an unauthorized external party.

The platform warned that malicious actors may try to contact OpenSea users using email addresses that appear visually similar to their official email domain, ‘opensea.io’ (such as ‘opensea.org’ or other variations).

In addition, the NFT trading platform recommended four measures to help users protect themselves from potential criminals:

Never download anything from an OpenSea email, as authentic emails from the company do not include attachments or requests to download anything.
Check the URL of any page linked in an OpenSea email, as the company only includes hyperlinks to ‘email.opensea.io’ URLs. Be cautious, as criminals might shuffle letters in this URL as well.
Never share or confirm passwords or secret wallet phrases, as OpenSea will never prompt users to do so.
Never sign a wallet transaction prompted directly from an email, as OpenSea emails do not include links that directly prompt users to sign wallet transactions.

"Never sign a wallet transaction that doesn’t list the origin as https://opensea.io if you were led there by email," OpenSea stressed.