OpenSea Says It Patched an NFT Phishing Vulnerability

The NFT marketplace said it fixed the loophole as soon as it was notified by a security firm and no accounts were compromised.

Oct 13, 2021 at 8:58 p.m. UTC
Updated Oct 14, 2021 at 1:12 p.m. UTC

Will Gottsegen is CoinDesk's media and culture reporter. He holds ETH and two NFTs above CoinDesk's disclosure threshold of $1000.

OpenSea, a popular marketplace for non-fungible tokens, has closed an NFT phishing loophole discovered by Check Point Research, a division of publicly traded security firm Check Point Software Technologies.

  • Check Point wrote about the discovery in a blog post on Wednesday and outlined the scam in a video, saying that clicking pop-ups associated with malicious, airdropped NFTs could have provided access to customers’ wallets.
  • The company said that it notified OpenSea of the vulnerability on Sept. 26 and that OpenSea fixed the issue and verified the fix within an hour.
  • “It’s important to note had an attacker attempted to take advantage of this flaw, the end user would have needed to approve the malicious transaction through a wallet signature,” OpenSea wrote in its own blog post about the issue on Wednesday. It said it hadn’t been able to identify any instances where the vulnerability was exploited.
  • The phishing attack is a common tactic in the world of NFTs – thieves will send fishy tokens to public addresses on the Ethereum blockchain and wait for users to interact with them.
  • Scams are still pervasive on the platform, and throughout crypto in general, as CoinDesk outlined in this piece on NFT phishing schemes.

Read more about
The Festival for the Decentralized World
Thursday - Sunday, June 9-12, 2022
Austin, Texas
Save a Seat Now

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Will Gottsegen is CoinDesk's media and culture reporter. He holds ETH and two NFTs above CoinDesk's disclosure threshold of $1000.

CoinDesk - Unknown

Will Gottsegen is CoinDesk's media and culture reporter. He holds ETH and two NFTs above CoinDesk's disclosure threshold of $1000.

Trending

1
CoinDesk - Unknown
After the Terra Meltdown: What's Next for Stablecoins?

The largest token collapse in crypto history. So let Luna die.

The largest token collapse in crypto history. So let Luna die.

CoinDesk - Unknown
2
CoinDesk - Unknown
5 Key Takeaways From a16z's State of Crypto Report

The venture firm is extremely bullish on Web 3.

The venture firm is extremely bullish on Web 3.

CoinDesk - Unknown
3
CoinDesk - Unknown
Regulators Are Paying Attention to UST

The collapse of terraUSD (UST) is algorithmic stablecoins’ Libra moment.

The collapse of terraUSD (UST) is algorithmic stablecoins’ Libra moment.

CoinDesk - Unknown
4
CoinDesk - Unknown
San Francisco NFL Player Alex Barrett Taking His Salary in Bitcoin

The most valuable crypto stories for Thursday, May 20, 2022.

The most valuable crypto stories for Thursday, May 20, 2022.

CoinDesk - Unknown