The OpenSea NFT Marketplace
Malicious actors may have exploited a now-patched serious vulnerability in the world’s biggest non-fungible token (NFT) marketplace, OpenSea, that allowed them to steal cryptocurrency funds from victims by sending a specially crafted token, in what could have been a new attack vector.
NFTs are unique digital assets (such as video, audio, photos, and other media) that may be sold and exchanged on the blockchain, which serves as a certificate of authenticity and creates verifiable, public evidence of ownership.
As a result of public reports of stolen cryptocurrency wallets caused by free airdropped NFTs, cybersecurity company Check Point Research started an investigation into the OpenSea platform. On September 26, the problems that were found and disclosed were resolved, and a fix was released to patch them.
The flaws, according to Check Point researchers, may enable hackers to take over user accounts and steal bitcoin wallets.
According to what has been revealed, the attack is launched by a malicious NFT that sends a link to a third-party wallet provider. When clicked, the link allows rogue transactions to take place. Users should therefore be mindful of what they sign on OpenSea and other NFT platforms, and check whether the requested actions correspond with the behavior they expect.
The Check Point team points out that NFTs are here to stay, and blockchain innovation is well underway. However, because of the speed at which the technology is evolving, integrating software applications and crypto markets safely is becoming more difficult. Security measures in this area have yet to catch up, so bad actors realize they have a window of opportunity right now as more and more users turn to blockchain technology.
According to OpenSea, there have been no reports of this vulnerability being used in the wild, but the company is working with third-party wallet providers to help customers better detect fraudulent signature requests, as well as recognize other online fraud and phishing attempts.