OpenSea fixes a major vulnerability that could have leaked your identity



  • The loophole on OpenSea, if successfully exploited, could have allowed an attacker to obtain the identities of users.
  • OpenSea quickly fixed the issue after the vulnerability came to light.

Cybersecurity company Imperva detected a major vulnerability on the popular NFT marketplace OpenSea which, if successfully exploited, could have allowed an attacker to obtain the identities of users on the platform.

According to Imperva, the misconfiguration of the iFrame-resizer library used by OpenSea was the main reason behind the vulnerability.

Providing more details about the exploitation mechanism for the issue, Imperva stated that the attacker would send a link through email or SMS.

If the victim clicks on the link, vital information such as the target’s IP address, user agent, device details, and software versions would be retrieved.

A cross-site search vulnerability would then be exploited to get the target’s NFT names, and the attacker would associate the leaked NFT/public wallet address with the email address or phone number to which the link was initially sent.

However, Imperva’s report mentioned that OpenSea had fixed the issue after it was reported and the marketplace was no longer at risk of such attacks.

Tainted Past

OpenSea has faced serious concerns over the platform’s security in the past. In February 2022, it was at the center of one of the biggest hacks in the NFT ecosystem.

During the exploit, $1.7 million worth of NFTs were stolen from users’ wallets. The breach was acknowledged by OpenSea CEO Devin Finzer.

In less than three months, the marketplace was hit again when its Discord channel was compromised. The hackers posted fake news of a YouTube collaboration that included a link to a phishing site.

The impact of the hacks made OpenSea take some concrete steps to safeguard its users. Last month, it introduced a grace period of three hours during which sellers will be prevented from accepting offers after a supposed sale.

Trading activity declines

Meanwhile, OpenSea has seen a significant dip in trading activity on the platform since mid-February. Weekly NFT trading had plunged 40% as of press time, as per data from Token Terminal.

As a consequence of this, the royalties paid to creators also declined. The weekly supply-side fees plunged 40% at the time of writing, which could dissuade interested creators from listing their work on the marketplace.

Source: Token Terminal

OpenSea had been hit hard because of the Blur [BLUR] storm that swept the NFT marketplace ecosystem. As per data from Dune Analytics, OpenSea’s share in the total trading volume across all marketplaces was reduced to 26%.

However, it still managed to hold on to a significant chunk of the user base and the total number of sales, with a dominance of 62.8% and 51% respectively.

Source: Dune Analytics


Ser Suzuki Shillsalot has 8 years of experience working as a Senior Investigative journalist at The SpamBot Times. He completed a two-hour course in journalism from a popular YouTube video and was one of the few to give it a positive rating. Shillsalot's writings mainly focus on shilling his favourite cryptos and trolling anyone who disagrees with him. P.S - There is a slight possibility the profile pic is AI-generated. You see, this account is primarily used by our freelancer writers and they wish to remain anonymous. Wait, are they Satoshi? :/
