OpenSea has fixed a platform vulnerability that could allow a hacker to steal someone’s encryption after sending a maliciously crafted NFT. According to a blog post, the issue was discovered by security firm Check Point Research and noticed tweets from people claiming to have been hacked after being given an NFT. Researchers spoke to one of the people who claimed to have been attacked, discovered that a vulnerability proving the attack could occur in this way, and reported the problem to OpenSea. The security company says the NFT trading platform fixed the problem within an hour and worked with researchers to make sure the fix worked.
It’s certainly not the appearance of OpenSea that an attacker could run out of an entire wallet, but it wasn’t just a matter of giving someone an NFT. Exploits required the target to first click on some prompts. Include transaction details. No user interaction is required when an NFT gift is sent, but the malicious NFT was harmless if it remained hidden in the OpenSea account.
Potentially dangerous situations occur when viewing an image alone (for example, right-clicking on an image[新しいタブで開く]Click, etc.). For users with crypto wallet browser extensions like MetaMask installed, a pop-up will start asking you to connect storage.opensea.io to your wallet.The target is[はい]When clicked, an attacker could steal wallet information and trigger another pop-up asking the victim to approve the transfer from his wallet to his wallet. If you’re not paying attention, or if you don’t know what’s going on and you confirm the transfer, you can lose everything in your wallet.
OpenSea said in a statement that no cases of people actually carrying out such attacks have been found, but it is still unclear what happened to those who said they were attacked. As far as I know, very few people have said they were hacked after receiving a gift NFT.
OpenSea says it is working with third-party wallet providers to help recognize malicious signing requests. Still, in most cases standard Internet safety rules apply. Don’t click on anything that looks unusual. absolutely Do not check transaction requests unless you are completely certain of what you want to do.
This particular attack required a lot of interaction (and at least some carelessness) from the target, but it’s good to see CheckPoint’s confirmation that OpenSea has fixed it. It’s easy to imagine that people unfamiliar with NFTs could potentially run out of wallets. We have also seen examples of villains and scammers in crypto space.Some people are happy Steal people’s Ethereum,pretend OpenSea Support Employee, also Almost certainly sell fake banksy..
OpenSea too Announced on Monday By default, if the donated NFT is from an unidentified collection, it will be hidden from the account page, and if the wallet appears to be compromised, an option will be added to suspend the purchase and sale of NFTs by the account.
