en
Back to the list

OpenSea Says It’s Patched an NFT Phishing Vulnerability

source-logo  coindesk.com  + 2 more 13 October 2021 21:26, UTC

Popular NFT marketplace OpenSea has closed an NFT phishing loophole discovered by Check Point Research, a division of publicly-traded security firm Check Point Software Technologies.

  • Check Point wrote about the discovery in a blog post on Wednesday and outlined the scam in a video: clicking pop-ups associated with malicious, airdropped NFTs could have given access to customer’s wallets.
  • The company said it notified OpenSea of the vulnerability on Sept. 26 and that OpenSea fixed the issue and verified the fix within an hour.
  • “It’s important to note had an attacker attempted to take advantage of this flaw, the end-user would have needed to approve the malicious transaction through a wallet signature,” OpenSea wrote in its own blog post about the issue on Wednesday. It said it had not been able to identify any instances where the vulnerability was exploited.
  • The phishing attack is a common tactic in the world of NFTs – thieves will send fishy tokens to public Ethereum addresses and wait for users to interact with them.
  • Scams are still pervasive on the platform, and throughout crypto in general, as CoinDesk outlined in this piece on NFT phishing schemes.
coindesk.com

Similar news (2)
Add similar news