On Wednesday, cybersecurity researchers disclosed that OpenSea, the world’s largest Non-Fungible Token (NFT) marketplace, had a security flaw that, if exploited, could have allowed hackers to hijack user accounts and steal users’ entire crypto wallets by sending fraudulent NFTs.
Check Point Research (CPR) investigated OpenSea after news of crypto wallets being stolen, triggered by free airdropped NFTs.
Critical security vulnerabilities in OpenSea’s platform were discovered as a result of the research.
The researchers promptly disclosed their findings to OpenSea, and the company responded by deploying a patch in less than an hour.
With $3.4 billion in transaction volume in August alone, OpenSea is known as the world’s largest NFT marketplace.
OpenSea said in a statement, “These attacks would have relied on users approving malicious activity through a third-party wallet provider by connecting their wallets and providing a signature for the malicious transaction.”
The company added, “We have been unable to identify any instances where this vulnerability was exploited but are coordinating directly with third-party wallets that integrate with our platform on how to help users better identify malicious signature requests, as well as other initiatives to help users thwart scams and phishing attacks with greater efficacy.”
NFTs allow anyone to buy and trade ownership of unique digital items in cryptocurrencies, as well as keep track of who owns them using the blockchain. Technically speaking, NFTs can contain any digital content such as drawings, artworks, tweets, animated GIFs, songs, and even video games.
The investigation into OpenSea was spurred by reports of users receiving free airdropped NFTs.
Users should be cautious when accepting requests to sign their wallets online, according to the security researchers.
Commenting on the development, Oded Vanunu, Head of Products Vulnerabilities Research at Check Point Software, said, “Given the sheer pace of innovation, there is an inherent challenge in securely integrating software applications and crypto markets.”
Vanunu added, “We sternly warn the OpenSea community to watch out for suspicious activity that may lead to theft, as we believe bad actors will continue to expand their efforts, in order to hijack crypto wallets while exploiting system vulnerabilities.”