Check Point Research (CPR) discovered a critical flaw affecting crypto wallets on the OpenSea NFT marketplace and warned the company so that it could fix the flaw before hackers began to exploit it. OpenSea is the world’s largest digital collectibles marketplace, a peer-to-peer marketplace for crypto collectibles and non-fungible tokens, commonly referred to as NFTs. OpenSea acknowledged the flaw reported by the cybersecurity company.
The company recorded a transaction volume of $3.4 billion in August 2021 alone and has become the largest non-fungible token market in the crypto world.
If the vulnerabilities had not been patched, they could have allowed hackers to hijack user accounts and steal entire cryptocurrency wallets by creating malicious NFTs, Check Point said. The researchers immediately disclosed the results to OpenSea, which then deployed a fix less than an hour after disclosure.
“Security is fundamental for OpenSea. We appreciate that the CPR team brought this vulnerability to our attention and worked with us as we investigated the issue and implemented a fix within an hour of reporting it. These attacks were said to have relied on users approving malicious activity through a third-party wallet provider by connecting their wallet and providing a signature for the malicious transaction,” the company said in a press release.
How can a cybercriminal exploit such a vulnerability?
Hackers can create a malicious NFT and offer it to target victims. When the victim viewed the malicious NFT, it would trigger a pop-up from OpenSea’s storage domain requesting a connection to the victim’s cryptocurrency wallet (such pop-ups are common on the platform for various other activities).
If the victim clicked on the pop-up to connect their wallet, cybercriminals would gain full access to it. The end result could be the theft of all the coins and digital assets stored in the user’s cryptocurrency wallet.
CPR recommends being careful when receiving wallet signing requests online. “Before you approve a request, you should carefully consider what is being requested and determine whether the request is abnormal or suspicious. If you have any doubts, you should reject the request and consider further, before providing an authorization,” the company added.