Tuesday, Nov 29, 2022

Critical flaw in crypto wallets on NFT marketplace OpenSea discovered: Check Point Security

If left unpatched, the vulnerabilities could have allowed hackers to hijack user accounts and steal entire cryptocurrency wallets by crafting malicious NFTs.

Cryptocurrencies do give a high rate of returns, but are equally susceptible to cyber attacks. (Photo Credit: Pixabay)

Check Point Research (CPR) has discovered a critical flaw in NFT marketplace OpenSea’s crypto wallets and warned the company to fix it before hackers started exploiting it. OpenSea is the largest digital collectible marketplace, a peer-to-peer marketplace for crypto collectibles and non-fungible tokens, commonly known as NFTs. It has acknowledged the breach as reported by the cybersecurity firm.

The company recorded $3.4 billion in transaction volume in August 2021 alone and has grown to be the largest marketplace for non-fungible tokens of the crypto world.

If left unpatched, the vulnerabilities could have allowed hackers to hijack user accounts and steal entire cryptocurrency wallets by crafting malicious NFTs, Check Point said. The firm immediately disclosed the findings to OpenSea, which went on to deploy a fix less than one hour after disclosure.

“Security is fundamental to OpenSea. We appreciate the CPR team bringing this vulnerability to our attention and collaborating with us as we investigated the matter and implemented a fix within an hour of it being brought to our attention. These attacks would have relied on users approving malicious activity through a third-party wallet provider by connecting their wallet and providing a signature for the malicious transaction,” the company said in a press statement.


How can a cybercriminal exploit such a vulnerability?

Hackers can create and gift a malicious NFT to target victims. When the victim views the malicious NFT, it triggers a pop-up from OpenSea’s storage domain requesting connection to the victim’s cryptocurrency wallet (such pop-ups are common on the platform for various other activities).

If the victim clicked on the pop-up to connect their wallet, this would give cybercriminals complete access to the wallet. The end result could be the theft of all the coins and digital assets stored in the user’s entire cryptocurrency wallet.

CPR recommends being careful when receiving requests to sign one’s wallet online. “Before you approve a request, you should carefully review what is being requested, and consider whether the request is abnormal or suspicious. If you have any doubts, you should reject the request and examine further, before providing authorization,” the company added.

First published on: 13-10-2021 at 09:11:05 pm