OpenSea fixes a major vulnerability that could have leaked your identity

by · March 11, 2023

  • The loophole at OpenSea, when exploited, could have enabled the attacker to obtain users’ identities.
  • OpenSea quickly fixed the problem after the vulnerability came to light.

Cyber ​​security company Imperva discovered a major vulnerability in the popular NFT marketplace OpenSea, which, if successfully exploited, could allow an attacker to obtain the identity of users on the platform.

According to Imperva, the misconfiguration of the iFrame-resizer library used by OpenSea was the main reason behind the vulnerability.

Providing more details on the exploit mechanism for the issue, Imperva stated that the attacker would send a link via email or SMS.

If the victim clicks on the link, important information such as the target’s IP address, user agent, device details and software versions will be retrieved.

Cross-site search vulnerability would then be exploited to obtain the target’s NFT name, and the attacker would then link the leaked NFT/public wallet address to the email or phone number to which the link was originally sent.

However, Imperva’s report mentioned that OpenSea had fixed the problem after it was reported and that the marketplace was no longer vulnerable to such attacks

Tainted Past

OpenSea has faced serious concerns over the platform’s security in the past. In February 2022, it was at the center of one of the biggest hacks in the NFT ecosystem.

During the exploit, $1.7 million worth of NFTs were stolen from users’ wallets. The breach was acknowledged by OpenSea CEO Devin Finzer.

See also  Dubai: Now special NFT can give you dinner for 2 at the Michelin restaurant - News

In less than three months, the marketplace was hit again then its the discord channel was compromised. The hackers posted a fake YouTube collaboration news that included a link to a phishing website.

The impact of the hacks prompted OpenSea to take some concrete steps to protect its users. Last month, it introduced a three-hour grace period during which sellers will be prevented from accepting offers after a deemed sale.

Trading activity decreases

Meanwhile, OpenSea saw a significant drop in trading activity on the platform since mid-February. Weekly NFT trading plunged 40% as of press time, according to data from Token Terminal.

As a consequence, royalties paid to creators also fell. At the time of writing, the weekly fees on the listings page fell by 40%, which may deter interested creators from putting their work on the market.

Source: Token Terminal

OpenSea had been hit hard because of the Blur [BLUR] the storm that swept over the NFT market ecosystem. According to data from Dune Analytics, OpenSea’s share of the total trading volume across all marketplaces was reduced to 26%.

However, it still managed to hold onto a significant portion of its user base and total sales, with a dominance of 62.8% and 51% respectively.

Source: Dune Analytics

Related posts:

  1. Scammers hacked the British Army’s social media accounts to promote the NFT
  2. Nobody bought the Chevrolet 2023 Corvette Z06 NFT
  3. What fresh Hellfire is this Stranger Things NFT game?
  4. Warner Bros. joins forces with Nifty to launch Looney Tunes NFT

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

Headline Posts