NFT market fixes flaw that allowed cryptocurrency theft

OpenSea, one of the main NFT marketplaces on the market today, announced the correction of a flaw that allowed the theft of cryptocurrencies after opening a non-fungible token by the victim. The attacks were aimed at users of browser extensions linked to digital wallets, and involved social engineering scams and sending such files as a gift from Greek to affected users.

  • Enterprise system failure distributes more than US$ million in cryptoactives
  • Brecha exposes 1.7 billion records of Brazilian e-commerce platform
  • 14 One thousand Gmail accounts are targets of Russian virtual attack with phishing bait

The hole was located by Check Point Research with based on reports from users on social networks, with complaints about zero balances and unauthorized transfers being made in connection with the NFTs platform. After analysis, the vulnerabilities were found and reported to OpenSea, which said it took only one hour between receiving the complaint and the researchers’ work to correct the opening, which no longer poses a risk to platform users.

This is, according to the researchers’ report, a scam that involves processes and direct user interaction, but which can lead to exploitation due to the nature of the threat. Compromised NFTs pose no danger if left in the inbox, but simply interact with them to trigger the attack; even opening an image in a new tab was enough for the attack to detect the use of browser extensions related to cryptocurrency wallets and display several authorization pop-ups, related to receiving the file, but actually transferring the files. funds.

Want to catch up on the best tech news of the day? Go and subscribe to our new channel on youtube, Canaltech News.

Every day a summary of the main news in the tech world for you!

The emergence of scams led to publications by NFT providers, artists and even exchanges of cryptocurrencies about the danger of uploaded images as gifts. The ideal, experts point out, is for users to pay attention to what they are doing and avoid interacting with files that arrive in this way — as the attack involves user confirmations and clicks, be aware of alerts, links and other requests by services of type is a good path to protection.

Despite the posts of affected users and also alerts on social networks, OpenSea said it has found no signs that the breach was effectively used to steal cryptocurrencies of its users. The service also said that NFTs received as a gift will be sent to a hidden box, with security indications, if they were sent by unverified accounts and the application of a general lock, to be activated by the user, if they perceive that their account may be compromised.

Finally, the marketplace also said that it intends to work with wallet developers to identify signs of attack, so that they can be curbed by their automated systems. Until then, the request is for users to follow best security practices and be cautious, avoiding clicking suspicious links or authorizing transactions without being sure what they are doing.

Source: Opensea

Did you like this article?

Subscribe your email on Canaltech to receive daily updates with the latest news from the world of technology.


Related Articles

Back to top button