OpenSea Says It’s Patched an NFT Phishing Vulnerability
www.coindesk.com 13 October 2021 21:26, UTC
Reading time: ~2 m
Popular NFT marketplace OpenSea has closed an NFT phishing loophole discovered by Check Point Research, a division of publicly-traded security firm Check Point Software Technologies.
Check Point wrote about the discovery in a blog post on Wednesday and outlined the scam in a video: clicking pop-ups associated with malicious, airdropped NFTs could have given access to customer’s wallets.
The company said it notified OpenSea of the vulnerability on Sept. 26 and that OpenSea fixed the issue and verified the fix within an hour.
“It’s important to note had an attacker attempted to take advantage of this flaw, the end-user would have needed to approve the malicious transaction through a wallet signature,” OpenSea wrote in its own blog post about the issue on Wednesday. It said it had not been able to identify any instances where the vulnerability was exploited.
The phishing attack is a common tactic in the world of NFTs – thieves will send fishy tokens to public Ethereum addresses and wait for users to interact with them.
Scams are still pervasive on the platform, and throughout crypto in general, as CoinDesk outlined in this piece on NFT phishing schemes.
Back to the list
OpenSea Has Entered The Alexa 500 Most Visited Websites Ranking! - CryptoTicker
cryptoticker.io 15 October 2021 05:58, UTC
Report spots security risks on NFT platform, OpenSea, but ‘vulnerabilities not exploited’
ambcrypto.com 14 October 2021 13:17, UTC