Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

OpenSea hack shows why crypto security must be improved

OpenSea hack shows why crypto security must be improved

Breach that are simple to stop, like the phishing attack that cost OpenSea $1.7 million, must stop for cryptocurrency to be widely used.

A significant phishing attack that cost users nonfungible tokens (NFTs) worth more than $1.7 million was launched against OpenSea in February 2022. It wasn’t the first time something similar occurred. Blockchain users reportedly lost $3.9 billion to fraud in 2022 alone.

There were numerous pledges to make the cryptocurrency space safer as 2023 drew closer. However, not much has changed thus far. However, blockchain-using businesses fall short in their efforts to thwart fraud.

Companies must transform their operations from the ground up if blockchain technology is to be widely adopted. As the market expands, these platforms can provide better service to their users by putting more effort into education and making it simpler to identify inappropriate behavior.

Blockchain platforms must discover malicious activity

Blockchain platforms must learn to recognize inappropriate behavior.
People were asked to sign an incomplete contract in the OpenSea hack, seemingly at the platform’s request. The open-source Wyvern Protocol allowed the fake accounts to take advantage of OpenSea despite the main infrastructure not being compromised. The owner’s signature was then used by hackers to transfer to a fictitious contract, giving them ownership without having to pay for the NFTs.

The company recently modified some of its previous policies in response to claims that 80% of the free NFTs created on OpenSea were duplicates or spam. When developers use OpenSea’s API, they rely on their good faith, which is not a foolproof method of risk assessment. These programmers might take advantage of people who sign contracts without reading them by using the API in an unethical manner.

The blockchain engine, which powers everything from NFT exchanges to genuine decentralized applications, is heavily reliant on smart contracts. It’s important to understand how these contracts function in order to keep users secure. Companies don’t have to start from scratch to ensure that smart contracts are trustworthy and protected from fraud. Instead, they can use standard protocols. From there, businesses can use the blockchain’s adaptability to customize their contracts to suit their requirements, such as by setting up multisignature wallets and regularly performing unit tests.

Don’t trust spammy airdrops

There is no way to distinguish which of the popular Mutant Hounds collections in OpenSea’s top collections is authentic. Lack of verification can result in the creation of phony collections with inflated prices that fool customers. Finding fake collections that are distributed via airdrops is frequently done using the search feature on an NFT platform.

Airdrops can be used by spam collections to send NFTs to users who didn’t request them. Instead of being directed to the platform where they have a collection, such as OpenSea, where the scam occurs, users will be taken to another website.

This is a widespread risk that can be mitigated by platforms that monitor this type of activity, either through the use of a crowdsourced database that keeps track of fake accounts or through the use of an administrative tool that is trained to spot scams and is constantly informed about new ones. NFT platforms may also request that bids be submitted in the same currency as the listing in order to reduce confusion. Many people have fallen victim to con artists when they took an offer in a currency that was inferior to the one in which they listed the NFT for sale. Blockchain platforms can flag suspicious activity based on a small number of holders acting in a way that deviates from the norm in order to find outliers in the data.

Of course, it’s crucial to keep in mind that it’s challenging for businesses like OpenSea to prevent fake accounts from profiting on their platform. It usually comes down to the need for more thorough inspection of the official collection.

Onboarding is a vital part of the business plan

Onboarding should be a vital aspect of the experience for both new and experienced blockchain users. Like smart contracts, one of the most significant best practices for ensuring user safety should be seen as setting clear rules for users and alerting them to potential risks. These guidelines should be periodically reviewed with a risk assessment in mind and updated as necessary as blockchain technology develops.

Long-time blockchain users frequently abbreviate their usage as “DYOR.” Do your own research is an idiom that has come to be accepted by those who deal with investment opportunities. Nevertheless, it can be challenging for new users to know where to begin. The information coming from influential people in the field is often contradictory. They frequently promote risky investments and the newest big thing, which can result in fraud or the loss of assets. A platform’s value system and risks should be taken into account when developing guidelines and educational materials.

Blockchain platforms should prioritize best practices

Companies should learn from significant hacks like the ones on OpenSea and strengthen their security protocols to ensure that this doesn’t happen again as the blockchain community currently experiences growing pains. Learning the fundamentals of technology, such as smart contracts and how to protect your seed phrase, should be the first step. From there, you can learn how to implement and maintain best practices, such as identifying those who are acting improperly or creating a problem. If someone had just noticed that something didn’t seem right, some of the most recent significant hacks might have been stopped.

Content Source:

About MahKa

MahKa loves exploring the decentralized world. She writes about NFTs, the metaverse, Web3 and similar topics.

Latest NFT News, Trendings and Tutorials, right in your inbox, every Monday

IMPORTANT DISCLAIMER: All content provided here in our website, hyperlinked sites, social media accounts and other platforms are for your general information only, procured from third party sources. We make no warranties of any kind in relation to our content. No part of the content that we provide constitutes financial advice, legal advice or any other form of advice meant for your specific reliance for any purpose. Any use or reliance on our content is solely at your own risk and discretion. You should conduct your own research, review, analyse and verify our content before relying on them.

Related Posts