Major security threat to users’ identities fixed at OpenSea 

Major security threat to users’ identities fixed at OpenSea 

Imperva, a cybersecurity company, identified a significant security threat in the OpenSea NFT marketplace. Had it not been fixed, the threat would have enabled the attackers to access users’ personal information once exploited.

The reason behind the vulnerability 

The Impreva researchers identified the misconfiguration of the marketplace’s IFrame resizer library as the main cause of the vulnerability. This was identified as a cross-site search (XS-Search) vulnerability. Cross-origin communication was not restricted on this library, causing OpenSea’s vulnerability.

The attackers only needed an email and an IP address to a specific NFT, enabling them to access the wallet and reveal the user’s identity. According to Imperva, the attackers would send a link through SMS or email to unsuspecting users, and upon clicking, their device details, IP addresses, and software versions would be revealed.

This would deanonymize the marketplace’s users, which would have been lethal to its business.

The exploitation mechanism 

Once the vital details are identified, the hackers use the vulnerability to acquire the user’s name. The leaked wallet address would then get associated with the phone number and email to which the link was initially sent. 

If this were exploited, the attackers would have easily launched phishing attacks or tracked users who had bought the highest value NFTs.

According to Imperva, Opensea quickly fixed the issue by introducing a patch that blocks cross-origin communication mitigating the risks involved.

Previous vulnerabilities at OpenSea

OpenSea is the largest NFT marketplace with over a million registered users; this makes it a target for cybercriminals who would like to exploit any vulnerability on the platform for their benefit. In February 2022, the platform faced a major security threat, leading to a $1.7 million loss.

The marketplace was soon after attacked on its discord channel when the attackers posted fake collaboration news on the platform with a link to a phishing site.

Follow Us on Google News