Celsius mailing list stolen in OpenSea breach

by Arthur · July 28, 2022

Table of Contents

Important takeaways

Celsius reported today that a Customer.io employee breached the list of user email addresses last month.
OpenSea was the first target of this breach; However, further investigation has found that other companies were also affected.
The incident comes at a difficult time for Celsius, which recently suspended user withdrawals and filed for bankruptcy.

Celsius said today that a list of client email addresses was leaked through its automated messaging platform Customer.io.

Customer.io Leak Celsius mailing list

A Customer.io employee has leaked a list of email addresses belonging to Celsius customers.

Today, Celsius sent an email to its users indicating that “one of [Customer.io’s] employee gained access to a list of Celsius client email addresses.” The employee then forwarded those addresses to an unnamed malicious third party.

The beleaguered crypto lender stated that the addresses had been kept in Customer.io’s records for marketing purposes and that user accounts were not directly breached. Celsius also said the incident did not “pose a high risk to our clients” and that while it had yet to see proper evidence of the breach, it had chosen to bring it to users’ attention.

According to Celsius, the data breach is part of the same attack that leaked user email addresses linked to NFT marketplace OpenSea in late June. At the time, Celsius had been told that none of the data had been compromised. However, as a precaution, it removed all data from Customer.io and then attempted to confirm that the information had indeed been deleted from the platform.

Nevertheless, on July 8, Customer.io notified Celsius that, upon further investigation, it had determined that one of its employees did in fact have access to the list of user email addresses. Customer.io said today that five companies other than OpenSea were targeted in the breach. Unstoppable Domains seems to be one of them.

In response, Customer.io said the employee responsible for the breach has been terminated and reported to the police.

While the theft of email addresses is not uncommon, the incident comes at an unfortunate time for Celsius. The firm, which has suffered a liquidity crisis it claims was prompted by “extreme market conditions”, suspended user withdrawals in June and is now engaged in bankruptcy proceedings.

Disclosure: At the time of writing, the author of this piece owned BTC, ETH and other cryptocurrencies.

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representations or warranties as to the timeliness, completeness or accuracy of information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not provide personal investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may be out of date, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update outdated, incomplete or inaccurate information.

You should never make an investment decision on an ICO, IEO or other investment based on the information on this website, and you should never interpret or otherwise rely on the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice about an ICO, IEO or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sale, securities or commodity.

See full terms and conditions.