Cyber-threat intelligence firm Check Point Research has revealed that NFT crypto marketplace OpenSea has begun fixing vulnerabilities that could expose accounts to non-fungible token (NFT) hacks and allow users' digital wallets to be drained.
OpenSea had recently experienced security issues, with reports of scams reaching its user base coming to the forefront.
The researchers at Check Point have now revealed that they have begun examining what may be contributing to the security defects in the platform.
The researchers did not at first discover any lapse in OpenSea's security framework, but one thing was exposed: a deceptive technique known as a ‘social engineering scheme’, a method by which an NFT hacker can mislead crypto users into revealing their digital wallets.
Once the social engineering scheme succeeds in getting a crypto user to reveal his or her digital wallet, it goes on to use malicious NFTs to make users open their financial accounts to an anonymous person on the internet, leaving the user's wallet susceptible to hacks.
Gizmodo described Check Point’s research process when it wrote: “An image file, airdropped onto OpenSea’s platform and offered for free to a user, can be pre-loaded with a payload that allows the thieving of that user’s funds. When viewed, the NFT subsequently deploys a series of malicious pop-ups, styled to look like they are from OpenSea itself, which requests that the user connect their digital wallet”.
As soon as the user signs off on the prompts, the account is exposed to various malicious activities that end with the user losing access to his or her financial wallet and the account being drained by an NFT hacker.
OpenSea further noted that it would be unusual for users to receive such prompts, as a third-party photo on the platform does not lead to a “request for a wallet connection.”
Check Point likewise highlighted OpenSea’s position on this, adding that this sort of hoax would rely heavily on “unexpected behavior” from the person deceiving the user.
For the malicious activity to succeed, users would have to overlook a number of warnings and signs on the OpenSea platform before the scammers could have their way.
In summary, for the attack as described by Check Point, the chances of the scam succeeding are very slim, as OpenSea has repeatedly stated that it was not able to detect any occurrences where this scam succeeded.
“Security is fundamental to OpenSea. We appreciate the CPR team bringing this vulnerability to our attention and collaborating with us as we investigated the matter and implemented a fix within an hour of it being brought to our attention,” OpenSea said in a statement.