Teacher
Professional
- Messages
- 2,670
- Reaction score
- 819
- Points
- 113
The exploitation of the problems made it possible to seize control over user accounts and crypto wallets.
Check Point Software discovered critical vulnerabilities on the OpenSea marketplace website. The exploitation of the problems allowed hackers to take control of user accounts and crypto wallets by sending malicious NFT tokens.
The attack was based on user inattention and the fact that OpenSea generates a lot of pop-ups. If the victim received and viewed the malicious NFT token, it triggered a pop-up window from the OpenSea storage domain asking to connect to the victim's cryptocurrency wallet. Clicking on the popup gave the hacker access to the wallet and brought up another popup. If the user clicked on it without noticing the notes describing the transaction, the attacker could steal all the funds.
Security experts informed OpenSea of their findings, and the marketplace administration has released a fix for the problems.
Check Point Software discovered critical vulnerabilities on the OpenSea marketplace website. The exploitation of the problems allowed hackers to take control of user accounts and crypto wallets by sending malicious NFT tokens.
The attack was based on user inattention and the fact that OpenSea generates a lot of pop-ups. If the victim received and viewed the malicious NFT token, it triggered a pop-up window from the OpenSea storage domain asking to connect to the victim's cryptocurrency wallet. Clicking on the popup gave the hacker access to the wallet and brought up another popup. If the user clicked on it without noticing the notes describing the transaction, the attacker could steal all the funds.
Security experts informed OpenSea of their findings, and the marketplace administration has released a fix for the problems.
