OpenSea fixes vulnerabilities against NFT hacks, research finds
Non-fungible tokens (NFT) marketplace, OpenSea has finally anchored its platform by fixing any vulnerabilities that could potentially expose accounts to NFT hacks on digital wallets and drain it, Check Point Research finds.
NFT’s fame spread on all fronts as a crypto trend that transforms any digital asset into a distinctive blockchain asset or provides users with a significant digital receipt representing the ownership of the NFT.
Famous NFT crypto market platform, OpenSea, which operates billions of dollars with its digital tokens’ transactions all around the year, experienced some issues in recent times as reports of scams hitting its customer base increased.
Check Point researchers revealed that it initiated an examination into probable security defects in the platform.
Initially, the security firm researchers did not find any vulnerability in OpenSea’s security framework. However, one thing was unsheltered, which is a method where an NFT hacker could mislead the crypto users to practically unveil their digital wallets. A conniving technique known as a “social engineering scheme.”
If succeeded, the social engineering scheme implements malicious NFTs to attract users to open their financial accounts to an anonymous person on the internet.
Check Point’s research exhibited the process. “An image file, airdropped onto OpenSea’s platform and offered for free to a user, can be pre-loaded with a payload that allows the thieving of that user’s funds. When viewed, the NFT subsequently deploys a series of malicious pop-ups, styled to look like they are from OpenSea itself, which requests that the user connect their digital wallet,” Gizmodo elaborated.
Once the user signs off to the prompts, his account is exposed to any genre of malicious activities that would result in their financial wallet drainage by an NFT hacker.
The NFT crypto platform notes that receiving such prompts would be unnatural for users since the third-party photo on the platform does not lead to a “request for a wallet connection.” In parallel, Check Point highlighted Open Sea’s point, stating that this sort of hoaxes would heavily rely on “unexpected behavior” from the person deceiving the user.
For the scam to succeed, users will have to overlook a multitude of red flags displayed on the OpenSea platform to, eventually, obtain their promised prize.
A scenario that can easily occur with some individuals.
To summarize, if this attack truly happened according to Check Point, then it is very unlikely to be successful since OpenSea has revealed that in most of these cases, the company was not able to detect any occurrences where this scam flourished.
“Security is fundamental to OpenSea. We appreciate the CPR team bringing this vulnerability to our attention and collaborating with us as we investigated the matter and implemented a fix within an hour of it being brought to our attention,” OpenSea said in a statement.
On another note, the NFT marketplace publicized Monday that it would conceal gifted NFT prompts from any account by default. This is only the case if it discovered unconfirmed compilations and included an option to halt any account’s activity from acquiring or selling NFTs once the platform confirms that the digital wallet is compromised.