Over the last five months, OpenSea users have repeatedly reported account compromises. These OpenSea hacks have led to many NFTs worth large sums of money being traded without the users' permission, and to rising concern among users over the safety of digital assets on the platform. OpenSea is the largest non-fungible token (NFT) trading platform, boosted by its popularity among the NFT community and the variety of digital assets that one can trade. Hence, it has become an enticing platform for users with malicious intent. This article will give you insight into why OpenSea is always susceptible to hacks. Let's dive in:
Phishing Attacks on OpenSea
On February 19, 2022, hackers managed to steal hundreds of NFTs from OpenSea users. According to Devin Finzer, the CEO of OpenSea, the attack was a phishing attempt not connected to the company's website. He also noted that 32 users had signed a malicious payload and that some of their NFTs were stolen. Later, however, after its internal investigation, OpenSea stated that the hack impacted only 17 individuals, as the initial statement had included any user who interacted with the attacker rather than only victims.

A phishing attack is a type of social engineering that involves masquerading as a trusted entity to steal user data, such as login details. It can happen through various methods, such as sending an email or text message. After clicking on a link, the recipient is tricked into entering their personal information, which hackers can use to launch a ransomware attack. In this case, the hacker could get into the victim's account and transfer ownership of the NFTs.
OpenSea And Its History With Social Media Hacks
On May 6, 2022, the OpenSea account on Twitter wrote, "We are currently investigating a potential vulnerability in our Discord; please do not click on any links in the Discord." In this case, a hacker managed to gain access to OpenSea's Discord through one of the channel admins. The hacker then duped victims into clicking the malicious 'YouTube Genesis Mint Pass' link on OpenSea's Discord channels, posted alongside a fake YouTube partnership announcement. The NFTs stolen in this case were worth less than 10 Ether, or about $26,903. In addition, fewer than ten digital wallets were affected.

The OpenSea hack used the same strategy that other scammers have used to infiltrate various online communities. In April, malicious players also hacked the Bored Ape Yacht Club's Discord and posted a phishing link. However, only one NFT was stolen. A few weeks later, the project's Instagram account was also hacked, and NFTs worth $2.8 million were stolen.
A Bug Problem?
A technical issue reportedly affected the OpenSea platform earlier this year. The issue allowed users to acquire NFTs at a lower price, as a result of which the Bored Ape Yacht Club and the Mutant Ape Yacht Club were compromised. According to Elliptic, a cryptocurrency analysis firm, three attackers were able to purchase over $1 million worth of crypto assets using a vulnerability in the marketplace. After exploiting the vulnerability, one of the attackers bought seven NFTs for $133,000 and then quickly sold them for $934,000.

On December 31, a similar type of vulnerability appeared in OpenSea. It involved the transfer of assets from one wallet to another without the listing being canceled. According to one user, this issue could be caused by the platform charging users to remove an ad, that is, a listing. To avoid this, users created a new wallet and transferred the NFT to it. Canceling was relatively expensive and would have to be paid for by the users, hence the workaround to cut costs.

The issue with OpenSea's decentralized exchange was caused by the company's design. Although it has not been classified as a bug or a cyberattack, it shows that the platform is a poorly designed marketplace. This issue has led to various scams, which means that users should be cautious when using the service.
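The December 31 issue described above, modelled as an added example that is not OpenSea's code: it assumes a listing is a seller-signed order that stays fillable whenever it is live and the seller currently owns the token, so moving the NFT away hides the listing without canceling it. All names are hypothetical and the data is constructed; the audit flags listings a user should cancel.

```python
from collections import namedtuple

# Assumed model: a listing is a seller-signed order; created/expires are block heights.
Listing = namedtuple("Listing", "token_id seller price_eth created expires cancelled",
                     defaults=[False])
Transfer = namedtuple("Transfer", "token_id sender recipient block")

def owners_at(initial, transfers, block):
    """Replay transfers up to `block` to get the owner of each token."""
    owner = dict(initial)
    for t in sorted(transfers, key=lambda t: t.block):
        if t.block <= block and owner.get(t.token_id) == t.sender:
            owner[t.token_id] = t.recipient
    return owner

def fillable(listing, owner, block):
    """Assumed rule: a live, uncancelled order fills if the seller owns the token."""
    live = not listing.cancelled and listing.created <= block < listing.expires
    return live and owner.get(listing.token_id) == listing.seller

def dormant_listings(listings, transfers, block):
    """Live listings whose token left the seller's wallet after signing."""
    return [l for l in listings
            if not l.cancelled and block < l.expires
            and any(t.token_id == l.token_id and t.sender == l.seller
                    and l.created < t.block <= block for t in transfers)]

# Constructed sample data (not real wallets, tokens or prices).
INITIAL = {1: "alice", 2: "bob", 3: "carol"}
LISTINGS = [
    Listing(1, "alice", 15.0, created=100, expires=10_000),
    Listing(2, "bob", 20.0, created=100, expires=10_000, cancelled=True),
    Listing(3, "carol", 30.0, created=100, expires=10_000),
]
TRANSFERS = [
    Transfer(1, "alice", "alice-new", 200),    # moved instead of canceling
    Transfer(2, "bob", "bob-new", 200),        # moved after a real cancel
    Transfer(1, "alice-new", "alice", 5_000),  # token returns to the old wallet
]

if __name__ == "__main__":
    for block in (300, 6_000):
        owner = owners_at(INITIAL, TRANSFERS, block)
        for l in dormant_listings(LISTINGS, TRANSFERS, block):
            print(block, l.token_id, l.price_eth, "fillable:", fillable(l, owner, block))
```

Under this model, any listing the audit returns should be canceled before the token is moved back into the wallet that signed it.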
Final Thoughts
The rise of the NFT market in 2021 has created immense potential for digital creators, but it has also opened the door to scams. To avoid becoming victims of these fraudsters, users should take the necessary precautions to protect their assets. OpenSea has to improve its security and take strict measures, as its reputation relies heavily on that. Regardless of whatever security measures OpenSea takes, users still ultimately hold the key to their accounts because it is a trading platform. Users must therefore take extreme caution when dealing with anything that tries to link back to their accounts.

Due to the increasing number of attack vectors used to target non-fungible token (NFT) trading systems, the number of attacks on these platforms is expected to rise. Although NFT marketplaces are starting to improve their systems to prevent these attacks, experts believe that the number of attacks on blockchains will continue to increase in the future.