OpenSea says it’s working with third-party wallet providers to help people recognize malicious signature requests. Still, for the most part, standard internet safety rules apply — don’t click on things that seem out of the ordinary, and definitely don’t confirm any transaction requests unless you’re entirely sure it’s something you want to do. Don’t sign things you haven’t read or don’t recognize While this particular attack required a lot of interaction (as well as at least some amount of inattention) from the target, it’s good to see Check Point’s confirmation that OpenSea has fixed it. It’s easy to imagine people new to NFTs potentially getting their wallets drained, and we’ve seen examples of bad actors and scammers in the crypto space. There are those who are willing to steal people’s Ethereum, pretend to be OpenSea support employees, or sell an almost certainly fake Banksy.
The potentially dangerous situation occurs when viewing the image by itself (by, say, right-clicking on it and hitting “open in new tab”). For users with a crypto-wallet browser extension like MetaMask installed, it initiates a popup asking to connect storage.opensea.io to their wallet. If the target clicks yes, the attackers could snag the wallet’s information and trigger another popup asking to approve a transfer from the victim’s wallet to their own. If you’re not paying attention or didn’t realize what was going on and confirmed the transfer, you could wind up losing everything in your wallet. Image: Check Point Research
OpenSea says in a statement that it hasn’t found any instances of someone actually carrying out that kind of attack — though it’s still unclear what happened to the people who say they were attacked. As far as I could find, there were only a few people talking about being hacked after receiving a gift NFT. The transfer confirmation message users may see while viewing an infected NFT.
OpenSea also announced on Monday that it would hide gifted NFTs from an account’s page by default if they’re from unverified collections and add an option to suspend your account from buying or selling NFTs if you think your wallet has been compromised.
The News Highlights
- OpenSea fixes vulnerabilities that could allow hackers to steal encryption with malicious NFTs
- Check the latest News news updates and information about business, finance and more.
For Latest News Follow us on Google News
- Show all
- Trending News
- Popular By week