OpenSea fixes a major vulnerability that could have leaked your identity
Cyber security company Imperva detected a major vulnerability on popular NFT marketplace OpenSea, which when successfully exploited, could allow the attacker to obtain the identities of users on the platform.
According to Imperva, the misconfiguration of the iFrame-resizer library used by OpenSea was the main reason behind the vulnerability.
Providing more details about the exploitation mechanism for the issue, Imperva stated that the attacker would send a link through email or SMS.
If the victim clicks on the link, vital information such as the target’s IP address, user agent, device details, and software versions would be retrieved.
Cross-site search vulnerability would then be exploited to get the target’s NFT names and the attacker would then associate the leaked NFT/public wallet address with the email or phone number where the link was initially sent to.
However, Imperva’s report mentioned that OpenSea had fixed the issue after it was reported and the marketplace was no longer at risk of such attacks
OpenSea has faced serious concerns over the platform’s security in the past. In February 2022, it was at the center of one of the biggest hacks in the NFT ecosystem.
During the exploit, $1.7 million worth of NFTs were stolen from users’ wallets. The breach was acknowledged by OpenSea CEO Devin Finzer.
<p lang=«en» dir=«ltr» xml:lang=«en»>Another update: over the last few hours we’ve talked to dozens of people, teams, and projects across the NFT space. https://t.co/fB5r3cMA1r— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022
In less than three months, the marketplace was hit again when its discord channel was compromised. The hackers posted a fake YouTube collaboration news that included a link to a phishing site.
The
Read more on ambcrypto.com
