After getting yourself involved in a debate Insider transactions, NFT Marketplace OpenSea is getting some more bad press. According to security research firm Checkpoint Software, the site had a serious security vulnerability that could allow hackers to steal users’ entire crypto wallets.
Checkpoint said it first noticed a report of a crypto wallet stolen by AirDrop NFT, prompting the agency to investigate at Opensia. It reveals critical security discoveries that “if exploited, hackers could hijack user accounts and steal users’ entire crypto wallets, sending malicious NFT,” the company said.
The attack relies on user inattention and opensia already generates lots of pop-ups. If the victim sees and sees a malicious NFT sent by a hacker, it launches a pop-up from the OpenStore storage domain, requesting a connection to the victim’s cryptocurrency wallet. Clicking on popups gives hackers access to wallets and allows them to create other popups. If the user clicks without seeing a note describing the transaction, the attacker could theoretically steal all their money.
It seemed that a lot needed to go wrong for the attack to work and it is not clear whether it was actively exploited. Checkpoint said it had identified the vulnerability as soon as it was found, and Opensia said it had implemented an amendment “within an hour of bringing it to our attention.” The company said it was adding a blog series and taking other measures to “double community education in the vicinity of safety”.
The security research firm says that given the rapid pace of innovation, “there is an inherent challenge to securely integrate software applications and crypto markets.” Bad actors are also attracted to crypto like fetuses Chocolate bread, So we will probably hear of similar attacks in the near future.
All products offered by Engadget are selected by our editorial team, independent of our parent company. Some of our stories have affiliate links. If you buy something through one of these links, we can earn an affiliate commission.