• The same data breach that affected OpenSea has affected Celsius
  • Customer.io removed its employee responsible for email leaks

Celsius users — look out for phishing attacks. 

The cryptocurrency lender has warned customers that a data breach led to their emails being leaked.

Late Thursday, Celsius emailed users informing them that an employee at its email delivery vendor Customer.io accessed a list of client addresses and sent them to an unauthorized party.

The embattled firm said it didn’t consider the incident to pose “high risks,” and had been informed that no other Celsius-related data was compromised beyond identified email addresses. 

About a month ago, collectibles platform OpenSea warned users that their email addresses were compromised in a similar leak. Customer.io was responsible for that incident too, since one of its employees abused their access. The vendor said that the employee responsible had been terminated, had all access removed and was reported to law enforcement.

Celsius, aware that Customer.io was one of its vendors, said it proceeded to remove data held with the firm after the OpenSea episode. At the time, the vendor found no Celsius data involved in the breach. 

But on July 8, Celsius was notified that it too had been affected by the same offender. In a statement, Customer.io confirmed five clients apart from OpenSea were impacted by the email leaks. “We do not expect to learn any additional information since this incident resulted from the actions of a single employee, who had legitimate access to these email addresses as part of the employee’s job,” it added.

Celsius customers took to Twitter to express frustration over a stream of trouble they’ve had to face with the lender. 

The firm is dealing with restructuring its assets after filing for bankruptcy on July 13. A court document shows Celsius has $5.5 billion in liabilities and $4.3 billion in assets, leaving it with a $1.2 billion hole on its balance sheet.

And while Celsius has been quick to downplay the risk to its users, similar data breaches have shown that affected users have actually lost funds due to phishing attacks. 

When hardware wallet manufacturer Ledger suffered a data leak of its marketing database in July 2020, its users were targeted with devious scams designed to steal their cryptocurrencies.

Shopify, the e-commerce giant that Ledger used to sell its wallets, also came under attack from users for “repeatedly and profoundly” failing to protect customer identities. Both firms were sued in April after victims lost some of their crypto assets.

Get the day’s top crypto news and insights delivered to your inbox every evening. Subscribe to Blockworks’ free newsletter now.

  • Blockworks
    Shalini is a crypto reporter from Bangalore, India who covers developments in the market, regulation, market structure, and advice from institutional experts. Prior to Blockworks, she worked as a markets reporter at Insider and a correspondent at Reuters News. She holds some bitcoin and ether. Reach her at [email protected]