OpenSea’s security team creates dashboard to find potential NFT hacks

At the time this was written, the team had found almost $25 million worth of NFTs that had been hacked through offline signatures.

A wallet security team has released a real-time dashboard that community members can use to find, track, and monitor possible nonfungible token (NFT) hacks in the OpenSea marketplace that are carried out using offline signatures.

The team behind the cryptocurrency wallet ZenGo says they used a simple method to make an NFT hack detector. This means keeping track of realized NFT trades on the NFT marketplace and comparing the amount of the trade to the floor price of the NFT collection. If the difference between the two trade values seems too small, it will be flagged as a possible hack.
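The comparison described above can be sketched as follows. This is an added example, not ZenGo's code: it assumes that a suspicious trade is one whose realized price is a small fraction of the collection floor price, and the 10% threshold, the record fields and the sample data are all constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

# Assumption: a sale at or below this fraction of the floor price is suspicious.
SUSPICIOUS_RATIO = Decimal("0.10")

@dataclass(frozen=True)
class Trade:
    tx: str             # constructed placeholder id, not a real transaction hash
    collection: str     # collection the traded NFT belongs to
    price_eth: Decimal  # realized sale price

def flag_trades(trades, floors, ratio=SUSPICIOUS_RATIO):
    """Return (flagged, unpriced, est_loss_eth).

    flagged:      trades priced at or below ratio * collection floor
    unpriced:     trades with no usable floor price, which cannot be judged
    est_loss_eth: sum of (floor - price) over the flagged trades
    """
    flagged, unpriced, loss = [], [], Decimal("0")
    for t in trades:
        floor = floors.get(t.collection)
        if floor is None or floor <= 0:
            # No reference value: report separately instead of guessing.
            unpriced.append(t)
            continue
        if t.price_eth <= floor * ratio:
            flagged.append(t)
            loss += floor - t.price_eth
    return flagged, unpriced, loss

# Constructed sample data (floor prices and trades are invented).
FLOORS = {"apes": Decimal("60"), "cats": Decimal("2.5"), "newdrop": Decimal("0")}
TRADES = [
    Trade("tx-001", "apes", Decimal("58")),    # close to floor: normal
    Trade("tx-002", "apes", Decimal("0")),     # zero-price sale: flagged
    Trade("tx-003", "cats", Decimal("0.01")),  # far below floor: flagged
    Trade("tx-004", "cats", Decimal("2.4")),   # slightly below floor: normal
    Trade("tx-005", "newdrop", Decimal("1")),  # floor is 0: unpriced
    Trade("tx-006", "unknown", Decimal("3")),  # no floor data: unpriced
]

if __name__ == "__main__":
    flagged, unpriced, loss = flag_trades(TRADES, FLOORS)
    for t in flagged:
        print(f"FLAG {t.tx} {t.collection} sold for {t.price_eth} ETH")
    print(f"estimated loss: {loss} ETH, not judged: {[t.tx for t in unpriced]}")
```

A flag from this kind of check is a lead for review, not proof of theft: gifts and transfers between an owner's own wallets can also settle far below floor.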

At the time of writing, the dashboard showed that offline signatures had been used to hack almost $25 million worth of NFTs. In this kind of hack, users have no way to see what the messages they have to sign mean, so they must “blindly trust” the messages and “blindly sign them.” Be’ery also said that this kind of hack involves the contracts of platforms and that platforms share some of the blame in these situations.

When asked what the community could do to fix this problem, the wallet executive said that there isn’t a good solution right now. He explained that: “Users can use some proprietary browser extensions that give some visibility into some offline signatures, but does not cover all offline signatures and needs to be updated whenever a new form of offline signature is added.”

The ZenGo team says that they have also started working with the Ethereum Foundation, various decentralized applications, and other wallets to support a draft Ethereum Improvement Proposal (EIP) that would fix the problem if it were implemented.

Be’ery said: “The EIP allows a contract to describe the exact meaning of the offline signature, such that the wallet app can display it to the user and then the user can make an informed decision on whether or not they want to sign the offline signature and don’t need to blindly sign.”

Similarly, other entities within the community have been issuing warnings about gasless transactions on OpenSea. The anti-theft project Harpie warned the community on December 23 about a private auction scam that could hurt people who use the NFT marketplace. Blindly approving signatures is also part of that scam.

Content Source: cointelegraph.com

Cover Image Source: bleepingcomputer.com

About Tina

Tina concentrates on all matters related to NFT and Web3. Tina uses social media to spot NFT trends and report unique news.
