Did you use OpenSea? Be careful, you could be a victim of phishing


By Berto R

  • The leak occurred in 2022, but the addresses were recently disclosed.

  • The address of the former president of Binance, “CZ”, appeared in the list of leaked emails.

According to a researcher at SlowMist, a cybersecurity company founded in 2018, users of OpenSea, the popular NFT marketplace, could be targeted by phishing attacks.

The leak of data containing users’ emails occurred in 2022. The researcher, whose pseudonym is im23pds on the social network

The leaked email addresses have already been made public after multiple broadcasts. Please be aware of the risks associated with phishing emails and other possible cyber attacks!

im23pds, SlowMist researcher.

The data leaked at the time reportedly totaled 7 million, including “a large number of emails from cryptocurrency professionals abroad, including many well-known people, companies and key opinion leaders (KOLs) in the industry,” says the researcher.

Those affected were reportedly not just ordinary users, but also well-known members of the bitcoin and cryptocurrency industry, such as Changpeng Zhao, who, as NoticiasVE reported, is the former executive president of Binance.

Phishing is one of the most common ways to be scammed on the internet. Source: Social network X, @im23pds

This means that OpenSea users whose emails were leaked could receive unwanted attention from impersonators: fraudulent actors sending emails disguised as OpenSea agents, or imitating the automated messages addressed to users of the NFT marketplace.

A user comments on the social network

The author of this article received an automated message of the same style, according to which one of his listed NFTs “has generated significant interest.” However, at the time of writing, he does not own any NFTs listed for auction or sale on that NFT marketplace.

Probably fraudulent message from OpenSea impersonators. Source: Gmail

These emails contain malicious attachments or links that lead to fraudulent pages imitating the NFT marketplace, which could request the user’s real credentials, such as email and password. They may also ask the user to connect their wallet to the site through a smart contract, causing them to unknowingly grant access to their private funds.

Protect yourself from phishing with these tips

An effective way to detect fraudulent emails from impersonators is to check the domain name of the sender's address. Generally, phishing domains do not look suspicious at first glance: they imitate legitimate ones with slight variations, adding or omitting a single letter or number. For example, instead of “NoticiasVE.com”, an impersonator could use “criptonoticiass”.

Phishing emails can also come from generic domains such as “@gmail.com” or “@yahoo.com”, when they would be expected to come from official corporate domains. For example: autor@NoticiasVE.com.

On other occasions, the domain names of the fraudulent emails are a disorganized sequence of alphanumeric characters, as shown in the following image:

One way to detect phishing is to take a look at the domain name of the sender. Source: Gmail

One last useful trait for detecting phishing emails is that they usually create a sense of urgency or fear so that the recipient acts quickly and without thinking.
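The three sender-domain checks described above (near-miss spelling, generic free-mail domain, random-looking name), as an added example that is not part of the original article. The allow-list reuses the article's own example address; the free-mail list, the thresholds and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

EXPECTED = {"noticiasve.com"}            # assumption: domains you expect mail from
FREE_MAIL = {"gmail.com", "yahoo.com"}   # generic providers named in the article
MAX_EDITS = 2                            # assumption: tolerance for near-miss spellings

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def looks_random(label):
    """Heuristic for 'disorganized' names: long, several digits, few vowels."""
    letters = [c for c in label if c.isalpha()]
    digits = sum(c.isdigit() for c in label)
    vowels = sum(c in "aeiou" for c in letters)
    return len(label) >= 8 and digits >= 2 and vowels <= 0.25 * len(letters)

def classify_sender(from_header):
    """Classify a From: header by its address domain, ignoring the display name."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower()
    if domain in EXPECTED:
        return "expected"
    if domain in FREE_MAIL:
        return "free-mail"       # a corporate sender was expected instead
    if any(edit_distance(domain, good) <= MAX_EDITS for good in EXPECTED):
        return "lookalike"       # one or two characters away from a real domain
    if looks_random(domain.split(".")[0]):
        return "random-looking"
    return "unknown"

if __name__ == "__main__":
    samples = [                  # constructed headers, not taken from real mail
        "Autor <autor@NoticiasVE.com>",
        "Autor <autor@noticiasvee.com>",
        "OpenSea Support <notify@gmail.com>",
        "Alerts <info@x7k2qz9v4b.net>",
    ]
    for header in samples:
        print(f"{classify_sender(header):15} {header}")
```

The display name ("OpenSea Support") plays no part in the verdict, because it is freely chosen by whoever sends the message.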
