Over the years, as the crypto sector keeps evolving, hackers have always schemed new ways to steal crypto assets and digital tokens from unsuspecting users. With the introduction of each new sector such as the decentralized finance (DeFi) sector and most recently the NFT sector, hackers find ways in which they can gain access to the wallet of users and make away with their hard-earned crypto assets.
Recently there was a bug in the OpenSea protocol that hackers could exploit to steal the entire assets in a user’s crypto wallet.
Hackers Exploit Bug on OpenSea Platform
Over the last few weeks, users who have received gifts on the OpenSea marketplace have reported cases of lost crypto wallets or having a zero balance in their crypto wallets. Some of these cases have been reported on popular social media platforms such as Twitter.
According to Check Point Software, a security research firm, the OpenSea site had a critical security weakness that would have given hackers access to a client’s whole crypto wallet. The security firm Check Point Software initially saw the report of stolen crypto wallets from clients who were occupied with NFT airdrops.
This prompted the need to research the OpenSea site. The examinations lead to a disclosure of a bug that if exploited, could empower hackers to hijack user accounts and take the whole crypto resources in a client’s wallet by sending malicious NFTs.
Theoretically, this is what the attack would look like:
- The assailant makes and transfers a malicious NFT as a gift to a crypto user through giveaways or airdrops.
- The victim right-clicks the picture from the malicious NFT and opens it in another tab on their browser. This activity will trigger a pop-up from an outsider wallet supplier from the OpenSea storage domain requiring a connection to the victim’s third-party wallet.
- If the victim clicks to connect their third-party wallet, another pop-up will be introduced requesting that the victim sign a transaction that will transfer things or assets to the hacker. A crypto user who reads the dotted lines will recognize this and reject the exchange as opposed to signing it.
Nonetheless, if the victim does not read the information on the pop-up and signs the exchange, this gives the hacker access to the victim’s wallet and the hacker is allowed to take every one of the resources in that wallet.
OpenSea fixed the weakness after Check Point Software presented its disclosures to the NFT commercial center. OpenSea reported that it carried out a fix inside an hour after they were informed of the issue. The marketplace likewise expressed that it is doubling down on teaching users about cyber security and how to secure their wallets.
How Users Can Protect Themselves
OpenSea additionally urges users to take the necessary actions to secure their crypto wallets. One of such activities is for users to be cautious when getting requests to sign a transaction on the marketplace.
Prior to approving a request for your signature, it is important that you cautiously go through what is being requested and examine if the request is dubious or genuine. If you have questions about the content of the request, you should reject that request. You can likewise check if the request coordinates with the expected action.
For instance, OpenSea doesn’t demand signatures if you click on a third-party photo. So, if you get a request to connect your wallet after you click a picture from a third-party website or image, this is abnormal, and you should not proceed with signing such a request.
How to Secure Your Crypto Wallets
Cyber protection is a vital topic, and everybody is needed to keep their private data and above all crypto-assets safe and secure. One of the most solid ways of protecting your crypto resource is by utilizing a hardware wallet. In case you are into collecting or purchasing and selling NFTs or some other digital assets, the most dependable place to store them is in a hardware wallet.
Another way con artists attempt to take your crypto resources is through phishing and hacking procedures. This is quite possibly the most common method with scammers attempting to get you to give up your wallet information to them. One of the data they need is your wallet seed express.
Some scammers use social platforms such as Twitter or Discord claiming to be Customer Support and request for your seed phrase to help take care of an issue for you. Always remember that no customer support will send you a message first to help solve a problem. Never give out your seed phrase or private key to anybody as this is one method for con artists to gain access into your wallet.
You can likewise utilize additional safety measures such as two-factor verification to further secure your crypto wallet. Also, you can use password generators to produce new passwords for your wallet with the goal that nobody can figure your wallet password based on a previous password you used.
The digital space keeps evolving and scammers and attackers are also evolving. These sets of people keep finding new ways to steal digital assets from unsuspecting users. Just like the bug discovered in the OpenSea marketplace, there are several other bugs and techniques that scammers can use to steal all your crypto assets.
You must take adequate measures to secure your crypto wallet and trade your NFTs on the OpenSea marketplace without fear of losing your assets.