Hackers Exploit OpenSea Bug to Perform Crypto Wallets Theft

The OpenSea NFT platform could be a new target in the hands of hackers. As per a new discovery, cybercriminals use malicious NFT art as bait, thus determining users to click on it. What this will do is empty their crypto wallets. This would be possible because of an OpenSea bug that might allow threat actors to engage in account hijacking.

The OpenSea Bug: Detailing the Issue

As BleepingComputer explains, an attack might happen like this: cybercriminals develop an NFT that contains a compromised payload, then they wait for users to discover it.

A common method, known as “airdropping”, has the role to bring to users’ attention new assets, so many of them reported earning such gifts that came from the OpenSea marketplace, and then, puf, their crypto wallets were emptied.

Image Source

Researchers Investigate the OpenSea Bug

Getting to know these issues, CheckPoint’s experts decided to investigate the OpenSea platform to see where the flaws lie. First of all, one has to own an OpenSea account. That’s why the experts under discussion chose MetaMask which is basically a third-party wallet present on the platform’s list. You have to choose one wallet from that list to create an OpenSea

Read More: https://heimdalsecurity.com/blog/hackers-exploit-opensea-bug-to-empty-crypto-wallets/