Cyber-threat intelligence firm, Check Point Research has revealed that NFT crypto marketplace, OpenSea has began the fixing of vulnerabilities that could potentially expose accounts to Non-fungible tokens (NFT) hacks on digital wallets and drain it.
OpenSea, had recently experienced security issues, with reports of scams reaching its userbase hitting the forefront.
The researchers at Check Point have now revealed they have begun an examination on what may factor the security defects in the platform.
The researchers did not at first discover any lapse in the security framework of OpenSea but one thing was unsheltered: a conniving technique known as ‘social engineering scheme’, a method by which an NFT hacker will be able to mislead crypto users to unveil their digital wallets.
The social engineering scheme, once it succeeds in getting a crypto user to reveal his or her digital wallets, will go ahead to implement malicious NFTs to make users open their financial accounts to an anonymous person on the internet, making the user wallet susceptible to hacks.
Gizmodo elaborated Check Point’s research process when it wrote. “An image file, airdropped onto OpenSea’s platform and offered for free to a user, can be pre-loaded with a payload that allows the thieving of that user’s funds. When viewed, the NFT subsequently deploys a series of malicious pop-ups, styled to look like they are from OpenSea itself, which requests that the user connect their digital wallet”.
Immediately the user signs off the prompts, the account are exposed to different malicious activities that would make the end product become losing access to their financial wallet, with his or her account drained by an NFT hacker.
OpenSea further noted that it would be weird for users to receive such prompts as the third-party photo on the platform does not lead to a “request for a wallet connection.”
Check Point in parallel highlighted Open Sea’s position on this, adding that this sort of hoaxes would heavily rely on “unexpected behavior” from the person deceiving the user.
For the malicious activity to succeed, users would have overlooked a number of warnings and signs on the OpenSea platform, for the scammers to have their way.
In summary, in the probable likelihood of the attack as enumerated by CheckPoint, the chances of success of the scam is very slim as OpenSea has in many cases revealed that it was not able to detect any occurrences where this scam flourished.
“Security is fundamental to OpenSea. We appreciate the CPR team bringing this vulnerability to our attention and collaborating with us as we investigated the matter and implemented a fix within an hour of it being brought to our attention,” OpenSea said in a statement.
Ayoola Faseyi, an Abuja based Journalist with interest in Technology and Politics. He is a versatile writer with articles in many renowned News Journals.
He is the Co-Founder of media brand, The Vent Republic.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
