NFT marketplace OpenSea had some serious security flaws

DMCA / Correction Notice
- Advertisement -


Cyber ​​security Researchers help fix security flaws OpenC NFT Marketplace Which could be used by attackers to hijack users. cryptocurrency wallet.

- Advertisement -

Researchers at Check Point (CP) discovered significant security issues at one of the world’s largest NFT marketplaces after people claimed all their crypto was stolen after receiving free gifts on the platform.

“Such examples, with others who informed of Various scams within this marketplace prompted our researchers to look into (and find!) vulnerabilities within the platform, allowing scammers and hackers to hijack accounts and steal crypto currency from a digital wallet,” share CP researchers Dikla Burda, Roman Zakin and Oded Vanunu in a joint blog post.

Techradar needs you!

advertisement

We’re looking at how our readers use a VPN with streaming sites like Netflix so we can improve our content and offer better advice. This survey will take you no more than 60 seconds, and we would greatly appreciate it if you shared your experiences with us.

>> Click here to start survey in new window <

  • protect yourself from Best Identity Theft Protection Services
  • We have compiled a list of best endpoint protection Software
  • Check Out Our List Best Firewall Apps and Services
- Advertisement -

The researchers said OpenSea was responsive to their questions and collaborated with the researchers to help shut down all attack vectors.

engineering impatience

OpenSea allows anyone to create art in one of several popular multimedia formats and sell them in their marketplace.

The researchers used it to create an art in SVG format with a malicious payload that enables them to communicate with the platform’s default cryptocurrency wallet, MetaMask.

Nerdshala Reports that the attack relies on user inattention and the fact that OpenSea already generates a lot of pop-ups. The attack worked by sending a malicious NFT to the victim, which when opened triggered several pop-ups, including requests for access to the victim’s cryptocurrency wallet.

“You should always be careful when receiving requests to sign your wallet online. Before you accept a request, you should carefully review what is being requested and consider whether the request is unusual or suspicious. is,” cautioning users, advising users to decline any requests that seem even mildly suspicious.

  • keep your devices safe best antivirus software

Via Nerdshala

- Advertisement -

Stay on top - Get the daily news in your inbox

Recent Articles

Related Stories