According to a study released on October 13 by Check Point Research, several users’ accounts in the OpenSea NFT marketplace had been reported to be hijacked since last month. A number of flaws in the protocol led to the theft of users’ crypto wallets there via malicious NFTs being sent in their place.
OpenSea is known as the largest peer-to-peer marketplace for digital collectibles and non-fungible tokens, or NFTs. With a transaction volume of more than $3 billion in August 2021, OpenSea has evolved to become the cryptocurrency world’s biggest marketplace for non-fungible tokens.
Without doubt, the popularity of non-fungible tokens (NFTs) has skyrocketed in recent months. Unfortunately, this shift has seen an unprecedented exploitation by a number of individuals as hackers are now trying to use malicious NFTs in an attempt to steal from crypto wallets.
Hacking Event Breakdown
In the case of OpenSea, a vulnerable part of the security system allowed hackers to submit files carrying a malicious payload. The file upload will take place on Opensea storage, and users will still be able to access it through the OpenSea subdomain.
OpenSea has made a public statement in which it expressed gratitude to the Check Point Research team for alerting them to the system’s malfunction.
In addition, according to OpenSea, users’ permission for harmful actions carried out via third-party wallet providers was needed for the hacking to take place. As a result, there is a risk that consumers may connect their wallets and authorise fraudulent transactions.
NFTs As Potential Target For Hacking Activities
Consumer wallets are a frequent target for hackers looking to steal money from their victims since cryptocurrencies are yet to be regulated in many countries.
An investigation may start in the coming months and should involve the issue of NFTs free airdropping, which are used as means for account hacking and crypto theft, among other things.
NFTs themselves and NFT airdrops were not the causes for this problem. Yet, when a victim has access to a ‘malicious’ NFT, they will not be able to know whether it is or not because the hacking codes would have been embedded within the digital work.
As NFT platforms require a signature in order to connect to a digital wallet when doing any transaction, if the user agrees, the hackers will get access to the user’s wallet and financial information, which they will use to perpetrate fraud.
What You Can Do to Protect Yourself
If you get requests to sign into your wallet online, you should always act with caution. It is impossible to emphasise enough the significance of thoroughly examining each request before granting it. You should also evaluate if the request is unusual or suspicious. If you have any reservations about the request, you should refuse it and do further research before granting such permission.
We Want To Hear From You
What is your opinion on this development? Share your thoughts with us in the comments below.