OpenSea vulnerability allowed crypto stealing with malicious NFTs

Researchers investigated the issue in OpenSea after an increase in complaints about receiving and opening free airdropped NFTs to steal user funds.

The IT security researchers at Check Point identified critical security in OpenSea (OpenSea.io – the highly popular and world’s largest NFT marketplace), which would allow remote attackers to drain the wallets of unsuspecting users by stealing their funds.

NFT (non-fungible token) has become a profitable business allowing people to earn millions of dollars. At OpenSea alone there were transactions worth $3.4 billion in August . At the same time, NFT marketplaces have become a lucrative target for cybercriminals.

SEE: Official website of Banksy hacked for fake NFT scam

According to Check Point researchers, they investigated the issue in OpenSea after an increase in complaints about receiving and opening free airdropped NFTs to steal user funds. The vulnerabilities, if exploited, could have allowed attackers to hijack user account and steal cryptocurrency by crafting malicious NFTs.

However, a successful would require user interaction, for instance, viewing malicious NFTs would trigger a pop-up message from the official storage domain of OpenSea and request a connection to the user’s cryptocurrency wallet.

Accepting the connection request would

Read More: https://www.hackread.com/opensea-vulnerability-crypto-stealing-malicious-nfts/