Security firm finds flaw in OpenSea's NFT code

Multiple vulnerabilities were found

A security firm has recently found vulnerabilities in the platform used by OpenSea, the largest marketplace for NFTs.

Critical vulnerability

Security research firm Check Point Software started investigating OpenSea when they noticed reports of stolen crypto wallets triggered by airdropped NFTs. During the investigation, they discovered that the site had a critical security vulnerability "that, if exploited, could have led hackers to hijack user accounts and steal entire crypto wallets of users, by sending malicious NFTs."

How did it work?

Multiple Twitter users told Check Point Research that they got hacked after being gifted NFTs, which led the firm to notice that accounts could be attacked this way. The exploit relied on users approving malicious activity to connect their wallets through a third-party wallet provider, which then gave hackers full access to their OpenSea account.

Quickly fixed

If you’re an NFT creator or collector on OpenSea, don’t worry: Check Point Software worked with the marketplace, and the issue was fixed in less than an hour. OpenSea is also working with third-party wallet providers to make sure this isn’t possible again in the future.
