Today Monday, 16th September 2024
Breaking News
The NFT News

All about NFTs, Web3 and AI

advertisement

Menu

Major security threat to users’ identities fixed at OpenSea

Major security threat to users’ identities fixed at OpenSea

Imperva, a cybersecurity company, identified a significant security threat in the OpenSea NFT marketplace. Had it not been fixed, the threat would have enabled the attackers to access users’ personal information once exploited.

The reason behind the vulnerability 

The Impreva researchers identified the misconfiguration of the marketplace’s IFrame resizer library as the main cause of the vulnerability. This was
identified as a cross-site search (XS-Search) vulnerability. Cross-origin communication was not restricted on this library, causing OpenSea’s vulnerability.

The attackers only needed an email and an IP address to a specific NFT, enabling them to access the wallet and reveal the user’s identity. According to Imperva, the attackers would send a link through SMS or email to unsuspecting users, and upon clicking, their device details, IP addresses, and software versions would be revealed.

This would deanonymize the marketplace’s users, which would have been lethal to its business.

The exploitation mechanism 

Once the vital details are identified, the hackers use the vulnerability to acquire the user’s name. The leaked wallet address would then get associated with the phone number and email to which the link was initially sent. 

If this were exploited, the attackers would have easily launched phishing attacks or tracked users who had bought the highest value NFTs.

According to Imperva, Opensea quickly fixed the issue by introducing a patch that blocks cross-origin communication mitigating the risks involved.

Previous vulnerabilities at OpenSea

OpenSea is the largest NFT marketplace with over a million registered users; this makes it a target for cybercriminals who would like to
exploit any vulnerability on the platform for their benefit. In February 2022, the platform faced a major security threat, leading to a $1.7 million loss.

The marketplace was soon after attacked on its discord channel when the attackers posted fake collaboration news on the platform with a link to a phishing site.

Source: nft.news

Prev post Shiba Inu devs give the crypto community a glimpse of the incoming SHIB metaverse
Next post Binance partners with The Weeknd to release an NFT collection

Related Posts

One thought on “Major security threat to users’ identities fixed at OpenSea

  1. Pingback: Milady NFT floor price hikes following a tweet from Elon Musk | The NFT News

Leave a Reply

Your email address will not be published. Required fields are marked *

Read also x

How to become an AI expert in 2023?

How to become an AI expert in 2023?

Top 5 Free AI Courses from Microsoft and LinkedIn

Top 5 Free AI Courses from Microsoft and LinkedIn

Google Bard vs ChatGPT vs ERNIE Chatbots

Google Bard vs ChatGPT vs ERNIE Chatbots