Security News > 2021 > October > OpenSea NFT platform bugs let hackers steal crypto wallets ?
Security researchers found that an attacker could leave OpenSea account owners with an empty cryptocurrency balance by luring them to click on malicious NFT art.
Details emerged today about an issue on the OpenSea platform that let hackers hijack user accounts and steal the associated cryptocurrency wallets.
Multiple users reported empty cryptocurrency wallets after receiving gifts on the OpenSea marketplace, a marketing tactic known as "Airdropping" and used to promote new virtual assets.
An OpenSea account requires a third-party cryptocurrency wallet from a list that the platform supports.
The OpenSea platform lets anyone sell digital art, which can be files as large as 40MB with any of the following extensions: JPG, PNG, GIF, SVG, MP4, WEBM, MP3, WAV, OGG, GLB, GLTF. Knowing this, Check Point uploaded to the OpenSea system an SVG image that carried malicious JavaScript code.
With a transaction domain from the OpenSea platform and action that victims typically see with other NFT operations, it is easy to see how users could have fallen victims.
News URL
Related news
- Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Radiant links $50 million crypto heist to North Korean hackers (source)
- New fake Ledger data breach emails try to steal crypto wallets (source)