Researchers have warned users of the ‘malicious NFT’ attack


Gullible OpenSea users

Pictures: Edward Smith (Getty Images)

The open sea, The world’s largest market for NFTs, says it has recently identified security flaws that allow users of bad actors to steal digital crypto wallets. Researchers brought these flaws to market through Checkpoint, an Israeli-based cybersecurity company that said fraudsters using “malicious NFT” could target users of the platform.

Mushroomless tokens, Crypto insanity that turns something into a unique blockchain asset – or At least gives users a unique digital Receipt Say they own an asset– Still big. OpenSea, which is looking at over one billion dollars in NFT transactions On his platform In any month, the internet is the biggest market for them. However, the company has had some problems lately An emergence in the report The scandal of hurting his customers. Checkpoint researchers say they have begun looking for potential security flaws on OpenCy’s platform after reading about the scandals.

Checkpoint ultimately found nothing unsafe about the platform. Rather, researchers have uncovered a method by which an unscrupulous person could deceive an erroneous crypto user to open their digital wallet – in other words, a classic Social engineering project.

The method is “malicious” NFT, or basically Trojan-ized digital art that can be used to entice users to open their financial accounts to strangers on the Internet. The researchers said that an image file that is airdropped on the OpenSphere platform and given to a user for free can be pre-loaded with a load that allows that user to steal funds. When viewed, NFT subsequently deploys a series of malicious pop-ups styled to look like them from Opensia, prompting the user to attach them to their digital wallet. If a user is anonymous enough to sign in to these weird, unusual prompts, they will open themselves up to jack up all their money.

However, Opensia noted that such a prompt would be an “unusual occurrence” for users যেমন such as third-party images in Opensia “not requesting a wallet connection.” Checkpoint acknowledges that such scams will require “unexpected behavior” from the fraudster that “does not relate to services provided by the Openness Platform, such as buying, offering or favoring an item.” In other words, to claim your free online prize you have to look at a bunch of red flags and fly them right behind them – which, if we are honest, you can easily imagine some people.

In short, these attacks, when possible, are unlikely to succeed in most cases – perhaps this is why Opensia reports that they are “unable to identify any instances where this vulnerability was exploited.” OpenSea says they have Is taken later Measures to stop this scandal on their platform.

“Security is fundamental to opensia. We commend the CPR team for pointing us to this vulnerability and for cooperating with us as we have investigated the matter and implemented a solution within an hour of bringing it to our attention, ”the company said in a statement.

“I believe that the results of our research and the rapid action of OpenSyria will prevent users from stealing crypto wallets,” said Oded Vanunu, head of Checkpoint’s product vulnerability research. “Blockchain innovation is accelerating and NFTs are here to stay. Given the rapid pace of innovation, there is an inherent challenge to securely integrate software applications and crypto markets.

True. But why not just avoid headaches, save yourself a bunch of money and invest in NFT at all? I am submitting it as an alternative threat mitigation method.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *