Bugs allowing malicious NFT uploads uncovered in OpenSea marketplace

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,107
Critical security issues in the OpenSea NFT marketplace that allowed attackers to steal cryptocurrency wallet funds have been patched.

NFTs, also known as non-fungible tokens, are digital assets that can be sold and traded on the blockchain. While some NFTs -- from a pixel cartoon to a popular meme -- can reach a sale price of millions of dollars, the popularity of this phenomenon has also created a new attack vector for exploitation.

On Wednesday, the Check Point Research (CPR) team said that flaws in the OpenSea NFT marketplace could have allowed "hackers to hijack user accounts and steal entire crypto wallets of users, by sending malicious NFTs."

An investigation was launched after reports surfaced of malicious NFTs, airdropped for free, being used as conduits for cryptocurrency theft and account hijacking.
The researchers disclosed their findings to OpenSea on September 26. Within less than an hour, the marketplace had triaged and verified the security issues and deployed a fix.

In a statement, OpenSea said:
"Security is fundamental to OpenSea. We appreciate the CPR team bringing this vulnerability to our attention and collaborating with us as we investigated the matter and implemented a fix within an hour of it being brought to our attention.
These attacks would have relied on users approving malicious activity through a third-party wallet provider by connecting their wallet and providing a signature for the malicious transaction."
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top