Researchers investigated the issue in OpenSea after an increase in complaints about receiving and opening free airdropped NFTs to steal user funds.
The IT security researchers at Check Point identified critical security vulnerabilities in OpenSea (OpenSea.io – the highly popular and world’s largest NFT marketplace), which would allow remote attackers to drain the crypto wallets of unsuspecting users by stealing their funds.
NFT (non-fungible token) has become a profitable business allowing people to earn millions of dollars. At OpenSea alone there were transactions worth us$3.4 billion in August 2021. At the same time, NFT marketplaces have become a lucrative target for cybercriminals.
According to Check Point researchers, they investigated the issue in OpenSea after an increase in complaints about receiving and opening free airdropped NFTs to steal user funds. The vulnerabilities, if exploited, could have allowed attackers to hijack user account and steal cryptocurrency by crafting malicious NFTs.
However, a successful attack would require user interaction, for instance, viewing malicious NFTs would trigger a pop-up message from the official storage domain of OpenSea and request a connection to the user’s cryptocurrency wallet.
Accepting the connection request would