OpenSea patches vulnerability that potentially exposed users’ identities

Read full article at Cointelegraph.com News.

Nonfungible token marketplace OpenSea has reportedly patched a vulnerability that, if exploited, could have exposed identifying information about its anonymous users. 

In a March 9 blog post, cybersecurity firm Imperva detailed how it discovered the vulnerability, which it claimed could deanonymize OpenSea users “by linking an IP address, a browser session, or an email in certain conditions” to an NFT.

As the NFT corresponds to a cryptocurrency wallet address, a user’s real identity could be revealed from the information gathered and linked to the wallet and its activity, Imperva explained.

The exploit is understood to have taken advantage of a cross-site search vulnerability. Imperva claimed OpenSea had misconfigured a library that resizes webpage elements that load HTML content from elsewhere, elements typically used to place ads, interactive content, or embedded videos.

Because OpenSea didn’t restrict this library’s communications, exploiters could use the information it broadcasts as an “oracle” to tell when a search returns no results, as the webpage would then be smaller.

Imperva detailed that an attacker would send their target a link through email or SMS, which if clicked “reveals valuable information, such as the target’s IP address, user agent, device details, and software versions.”

Screenshot of OpenSea’s front page. Source: OpenSea

The attacker would then use OpenSea’s vulnerability to extract the names of their target’s NFTs and associate the corresponding wallet address with identifying information, such as the email address or phone number to which the original link was sent.

Imperva said OpenSea “quickly addressed the issue” and properly restricted the library’s communications, reporting that the platform “was no longer at risk of such attacks.”
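
The misconfiguration and its fix as described above, sketched as an added example that is not code from the article, Imperva or OpenSea. The origins, page heights and function names are constructed, and `makeWindow` is a stand-in that mimics how a browser delivers `postMessage` only to a matching target origin.

```javascript
// Added example. All names, origins and heights are constructed; this is not
// OpenSea's code nor the API of any particular resizing library.

const TRUSTED_PARENT = "https://embedder.example"; // assumed legitimate host page

// Minimal stand-in for a browser window: like the real postMessage, it
// delivers a message only when targetOrigin is "*" or equals its own origin.
function makeWindow(origin) {
  const received = [];
  return {
    origin,
    received,
    postMessage(data, targetOrigin) {
      if (targetOrigin === "*" || targetOrigin === origin) received.push(data);
    },
  };
}

// Misconfigured: the framed page announces its height to any embedding window.
function reportHeightWeak(parentWindow, height) {
  parentWindow.postMessage({ type: "resize", height }, "*");
}

// Restricted: the message is addressed to one trusted origin only, so a page
// on any other origin that embeds the frame never receives it.
function reportHeightRestricted(parentWindow, height) {
  parentWindow.postMessage({ type: "resize", height }, TRUSTED_PARENT);
}

// Returns the heights that an embedding page on `embedderOrigin` observes
// while the framed page renders at each of the given heights.
function observedHeights(report, embedderOrigin, heights) {
  const parent = makeWindow(embedderOrigin);
  for (const h of heights) report(parent, h);
  return parent.received.map((m) => m.height);
}

// Constructed heights: 2400 px for a search with results, 600 px for none.
const sample = [2400, 600];
console.log("weak, untrusted embedder:      ",
  observedHeights(reportHeightWeak, "https://untrusted.example", sample));
console.log("restricted, untrusted embedder:",
  observedHeights(reportHeightRestricted, "https://untrusted.example", sample));
console.log("restricted, trusted embedder:  ",
  observedHeights(reportHeightRestricted, TRUSTED_PARENT, sample));
```

With the wildcard target, the size difference between a populated and an empty result page is visible to any embedding origin; with a fixed target origin, only the trusted host page can still resize the frame.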

Users of the platform have long been victims of attacks that mimic OpenSea’s functions to undertake exploits, such as phishing websites that resemble the platform or signature requests appearing to originate from OpenSea.

OpenSea itself has faced criticism for its platform security due to a major phishing attack in February 2022 that resulted in over $1.7 million worth of NFTs being stolen from users.

As for the recently patched vulnerability, it’s unknown how long it existed or whether any users were affected by the exploit.

OpenSea did not immediately respond to Cointelegraph’s request for comment.
