Cybercriminals exploited bugs in the world’s largest digital-goods marketplace to create malicious artwork offered as a perk to unsuspecting users.
Users of OpenSea, the world’s largest digital-collectible marketplace, have found their cryptocurrency wallets ripped off thanks to cyberattackers weaponizing security bugs that allowed them to highjack user accounts. The attacks revolved around boobytrapped art files, which circulated in the form of “free gifts.”
That’s according to Check Point Research, whose researchers looked into a series of claims that cryptocurrency balances were going poof for both market shoppers and merchants.
OpenSea is a peer-to-peer marketplace for virtual goods – a bit like the Etsy of non-fungible tokens (NFTs) and crypto collectibles. NFTs are a way to take reproduceable digital items such as photos, videos, audio and art files, and turn them into unique items; marketplaces use blockchain technology to establish a verified and public proof of ownership for such items. OpenSea has benefitted from the NFT boom, racking up $3.4 billion in transaction volume just in August.
Cybercriminals are of course drawn to such money hubs like moths to a flame – and they have been true to form with OpenSea, according to Check Point.