Cyber security researchers on Wednesday reported that the world’s largest NFT (Non-Fungible Token) marketplace, called OpenSea, compromised security which, if exploited, might have led hijack user accounts & steal complete crypto wallets of users, by sending malicious NFTs.
After seeing reports of stolen-crypto wallets started by free air-dropped NFTs, Check Point Research (CPR) investigated OpenSea, world’s largest NFT marketplace. The investigation result into the discovery of critical security vulnerabilities on OpenSea’s platform.
The team immediately disclosed these findings to OpenSea, who went on to deploy a fix in lower than one hour of disclosure.
OpenSea is well-known for the world’s largest NFT marketplace, estimating $3.4 billion in transaction volume in August alone.
“These attacks could have relied on users approving malicious activity by a third-party wallet provider by connecting their wallets, and giving a signature for the malicious transaction,”OpenSea said.
“We have been unable to identify any illustration, where this vulnerability was exploited, but are coordinating directly with the third-party wallets that unite with our platform on how to help users better identify malicious signature requests, also other initiatives to help users’ thwart scams & phishing attacks with more efficacy,” company added.
NFTs permit people to buy & sell ownership of unique digital items in cryptocurrencies and keep track of who owns them through Blockchain. NFTs technically contain anything digital, which include drawings, artworks, tweets, animated GIFs, songs or also video games.
The investigation of OpenSea was prompted-by the reports of free airdropped NFTs allegedly gifted to users.
The security researchers recommended that users have to be careful when receiving requests to sign your wallet-online.
“Given sheer pace of innovation, there’s an inherent challenge in securely integrating software applications & crypto markets,” said Oded Vanunu, the Head of Products Vulnerabilities Research at the Check Point Software.
“We sternly warn OpenSea community to watch-out for suspicious activity that may result into theft, as we thought bad actors will continue to expand their efforts, so as to hijack crypto wallets, while exploiting system vulnerabilities,” Vanunu added.
The article originally published on Business Insider.
