Security News > 2021 > October > OpenSea NFT platform bugs let hackers steal crypto wallets
Security researchers found that an attacker could leave OpenSea account owners with an empty cryptocurrency balance by luring them to click on malicious NFT art.
Details emerged today about an issue on the OpenSea platform that let hackers hijack user accounts and steal the associated cryptocurrency wallets.
Multiple users reported empty cryptocurrency wallets after receiving gifts on the OpenSea marketplace, a marketing tactic known as "Airdropping" and used to promote new virtual assets.
An OpenSea account requires a third-party cryptocurrency wallet from a list that the platform supports.
The OpenSea platform lets anyone sell digital art, which can be files as large as 40MB with any of the following extensions: JPG, PNG, GIF, SVG, MP4, WEBM, MP3, WAV, OGG, GLB, GLTF. Knowing this, Check Point uploaded to the OpenSea system an SVG image that carried malicious JavaScript code.
With a transaction domain from the OpenSea platform and action that victims typically see with other NFT operations, it is easy to see how users could have fallen victims.
News URL
Related news
- AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)