Security Alert: Bugs allowing malicious NFT uploads uncovered in OpenSea marketplace

silversurfer

Critical security issues in the OpenSea NFT marketplace that allowed attackers to steal cryptocurrency wallet funds have been patched.

NFTs, also known as non-fungible tokens, are digital assets that can be sold and traded on the blockchain. While some NFTs -- from a pixel cartoon to a popular meme -- can reach a sale price of millions of dollars, the popularity of this phenomenon has also created a new attack vector for exploitation.

On Wednesday, the Check Point Research (CPR) team said that flaws in the OpenSea NFT marketplace could have allowed "hackers to hijack user accounts and steal entire crypto wallets of users, by sending malicious NFTs."

An investigation was launched after reports surfaced of malicious NFTs, airdropped for free, being used as conduits for cryptocurrency theft and account hijacking.

The researchers disclosed their findings to OpenSea on September 26. Within less than an hour, the marketplace had triaged and verified the security issues and deployed a fix.

In a statement, OpenSea said:
"Security is fundamental to OpenSea. We appreciate the CPR team bringing this vulnerability to our attention and collaborating with us as we investigated the matter and implemented a fix within an hour of it being brought to our attention.
These attacks would have relied on users approving malicious activity through a third-party wallet provider by connecting their wallet and providing a signature for the malicious transaction."