I think it's safe to say that common sense should be used when receiving attachments from either an unknown sender, or a known sender with no prior announcement - at the very least.
I'm not associated with x-hash, but since entering cryptocurrency I've been especially apprehensive about handling attachments on machine(s) that I use for any crypto-related functions.
Of course I am just wondering where my email was leaked. Its only been recent i've been receiving these emails almost on a daily basis now.
That's a fair point. The only thing that you can do is research into whether any of the sites that you use that email address on have been compromised. Of course, this topic is a bid to check x-hash, but it might be worth Googling whether any other sites you use it on have announced that they have been compromised. Reddit might be useful too.