OpenSea Says It Patched an NFT Phishing Vulnerability
The NFT marketplace said it fixed the loophole as soon as it was notified by a security firm and no accounts were compromised.
Updated May 11, 2023 at 5:46 p.m. UTC
OpenSea, a popular marketplace for non-fungible tokens, has closed an NFT phishing loophole discovered by Check Point Research, a division of publicly traded security firm Check Point Software Technologies.
- The company said that it notified OpenSea of the vulnerability on Sept. 26 and that OpenSea fixed the issue and verified the fix within an hour.
- “It’s important to note had an attacker attempted to take advantage of this flaw, the end user would have needed to approve the malicious transaction through a wallet signature,” OpenSea wrote in its own blog post about the issue on Wednesday. It said it hadn’t been able to identify any instances where the vulnerability was exploited.
- The phishing attack is a common tactic in the world of NFTs – thieves will send fishy tokens to public addresses on the Ethereum blockchain and wait for users to interact with them.
- Scams are still pervasive on the platform, and throughout crypto in general, as CoinDesk outlined in this piece on NFT phishing schemes.