Critical flaw discovered in crypto wallets in NFT OpenSea market: Check Point Security

Check Point Research (CPR) discovered a critical flaw affecting crypto wallets on the OpenSea NFT marketplace and warned the company so that it could fix the flaw before hackers began to exploit it. OpenSea is the world’s largest digital collectibles marketplace, a peer-to-peer marketplace for crypto collectibles and non-fungible tokens, commonly referred to as NFTs. OpenSea acknowledged the breach reported by the cybersecurity company.

The company recorded a transaction volume of $3.4 billion in August 2021 alone and has become the largest non-fungible token market in the crypto world.

If the vulnerabilities had not been patched, they could have allowed hackers to hijack user accounts and steal entire cryptocurrency wallets by creating malicious NFTs, Check Point said. CPR immediately disclosed the results to OpenSea, which deployed a fix less than an hour after the disclosure.

“Security is fundamental for OpenSea. We appreciate that the CPR team brought this vulnerability to our attention and worked with us as we investigated the issue and implemented a fix within an hour of reporting it. These attacks were said to have relied on users approving malicious activity through a third-party wallet provider by connecting their wallet and providing a signature for the malicious transaction,” the company said in a press release.

How can a cybercriminal exploit such a vulnerability?

Hackers can create a malicious NFT and offer it to targeted victims. Once the victim viewed the malicious NFT, it would trigger a pop-up from OpenSea’s storage domain requesting a connection to the victim’s cryptocurrency wallet (such pop-ups are common on the platform for various other activities).

If the victim clicked on the pop-up to connect their wallet, the cybercriminals would gain full access to it. The end result could be the theft of all the coins and digital assets stored in the user’s cryptocurrency wallet.

CPR recommends being careful when receiving wallet signing requests online. “Before you approve a request, you should carefully consider what is being requested and determine whether the request is abnormal or suspicious. If you have any doubts, you should reject the request and consider further, before providing an authorization,” the company added.
