At the time this was written, the team had found almost $25 million worth of NFTs that had been hacked through offline signatures.
A wallet security team put out a real-time dashboard that community members can use to find, track, and keep an eye on possible nonfungible token (NFT) hacks in the OpenSea marketplace by using offline signatures.
The team behind the cryptocurrency wallet ZenGo says they used a simple method to make an NFT hack detector. This means keeping track of realized NFT trades on the NFT marketplace and comparing the amount of the trade to the floor price of the NFT collection. If the difference between the two trade values seems too small, it will be flagged as a possible hack.
At the time of writing, the dashboard showed that offline signatures had been used to hack almost $25 million worth of NFTs. First, this kind of hack doesn’t have a way for users to see what the messages they have to sign mean. This means that users must “blindly trust” the message and “blindly sign them.“ Be’ery also said that this kind of hack involves the contracts of platforms and that platforms share some of the blame in these situations.
When asked what the community could do to fix this problem, the wallet executive said that there isn’t a good solution right now. He explained that: “Users can use some proprietary browser extensions that give some visibility into some offline signatures, but does not cover all offline signatures and needs to be updated whenever a new form of offline signature is added.”
The ZenGo team says that they have also started working with the Ethereum Foundation, various decentralized applications, and other wallets to support a draft Ethereum Improvement Proposal (EIP) that would fix the problem if it were implemented.
Be’ery said: “The EIP allows a contract to describe the exact meaning of the offline signature, such that the wallet app can display it to the user and then the user can make an informed decision on whether or not they want to sign the offline signature and don’t need to blindly sign.”
In the same way, the other entities within the community have also been issuing warnings over gasless transactions on OpenSea. The anti-theft project Harpie warned the community on December 23 about a private auction scam that could hurt people who use the NFT marketplace. Blindly approving signatures is also part of the scam.
Content Source: cointelegraph.com
Cover Image Source: bleepingcomputer.com