OpenSea, a popular marketplace for non-fungible tokens, has closed an NFT phishing loophole discovered by Check Point Research, a division of publicly traded security firm Check Point Software Technologies.
- The company said that it notified OpenSea of the vulnerability on Sept. 26 and that OpenSea fixed the issue and verified the fix within an hour.
- “It’s important to note had an attacker attempted to take advantage of this flaw, the end user would have needed to approve the malicious transaction through a wallet signature,” OpenSea wrote in its own blog post about the issue on Wednesday. It said it hadn’t been able to identify any instances where the vulnerability was exploited.
- The phishing attack is a common tactic in the world of NFTs – thieves will send fishy tokens to public addresses on the Ethereum blockchain and wait for users to interact with them.
- Scams are still pervasive on the platform, and throughout crypto in general, as CoinDesk outlined in this piece on NFT phishing schemes.
CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.