Groups Similar Look up By Text Browse About



Similar articles
Article Id Title Prob Score Similar Compare
217796 THEVERGE 2021-10-13:
OpenSea fixes vulnerabilities that could let hackers steal crypto with malicious NFTs
1.000 Find similar Compare side-by-side
217878 ZDNET 2021-10-13:
Bugs allowing malicious NFT uploads uncovered in OpenSea marketplace
0.985 0.635 Find similar Compare side-by-side
218074 ZDNET 2021-10-15:
This malware botnet gang has stolen millions with a surprisingly simple trick
0.428 Find similar Compare side-by-side
218100 THEVERGE 2021-10-14:
Missouri governor threatens reporter who discovered state site spilling private info
0.423 Find similar Compare side-by-side
218077 THEVERGE 2021-10-14:
Signal’s founder is trolling with an NFT that’ll turn to shit if you buy it
0.382 Find similar Compare side-by-side
218212 ZDNET 2021-10-14:
Verizon-owned Visible acknowledges hack, confirms account manipulations
0.371 Find similar Compare side-by-side
217990 TECHREPUBLIC 2021-10-12:
What it costs to hire a hacker on the Dark Web
0.363 Find similar Compare side-by-side
218082 ARSTECHNICA 2021-10-14:
Verizon’s Visible cell customers hacked, leading to unauthorized purchases
0.355 Find similar Compare side-by-side
217869 ZDNET 2021-10-13:
1 in 15 organizations runs actively exploited version of SolarWinds: Report
0.354 Find similar Compare side-by-side
218060 VENTUREBEAT 2021-10-15:
Cybersecurity report reveals critical business vulnerabilities
0.353 Find similar Compare side-by-side
217855 TECHREPUBLIC 2021-10-13:
Dark Web: Many cybercrime services sell for less than $500
0.344 Find similar Compare side-by-side
217778 ZDNET 2021-10-13:
Scammers abused Apple developer program to steal millions from victims on Tinder, Bumble, Grindr, Facebook Dating
0.337 Find similar Compare side-by-side
218049 ZDNET 2021-10-14:
This new ransomware encrypts your data and makes some nasty threats, too
0.335 Find similar Compare side-by-side
217774 THEVERGE 2021-10-12:
Some of Verizon’s Visible cell network customers say they’ve been hacked
0.327 Find similar Compare side-by-side
218132 TECHREPUBLIC 2021-10-14:
How a vishing attack spoofed Microsoft to try to gain remote access
0.327 Find similar Compare side-by-side
218183 ZDNET 2021-10-14:
HP Wolf report highlights widespread exploitation of MSHTML, typosquatting and malware families hosted on Discord
0.323 Find similar Compare side-by-side
217762 THEVERGE 2021-10-13:
Visible confirms account breaches, blames ‘outside sources’
0.321 Find similar Compare side-by-side
218165 THEVERGE 2021-10-15:
Valve bans blockchain games and NFTs on Steam
0.299 Find similar Compare side-by-side
218154 ZDNET 2021-10-14:
Missouri governor faces backlash and ridicule for threatening reporter who discovered exposed teacher SSNs
0.293 Find similar Compare side-by-side
218123 ARSTECHNICA 2021-10-14:
Missouri gov. calls journalist who found security flaw a “hacker,” threatens to sue
0.290 Find similar Compare side-by-side
217747 ZDNET 2021-10-11:
Ransomware: Even when the hackers are in your network, it might not be too late
0.287 Find similar Compare side-by-side
218133 ZDNET 2021-10-15:
Critical infrastructure security dubbed 'abysmal' by researchers
0.284 Find similar Compare side-by-side
217967 ZDNET 2021-10-11:
Quest-owned fertility clinic announces data breach after August ransomware attack
0.284 Find similar Compare side-by-side
217862 THEVERGE 2021-10-13:
Snapchat is back up, after users couldn’t post or send messages for hours
0.283 Find similar Compare side-by-side
217965 TECHREPUBLIC 2021-10-12:
How to protect your organization from security threats across your supply chain
0.282 Find similar Compare side-by-side

1

ID: 217796

URL: https://www.theverge.com/2021/10/13/22723092/opensea-nft-vulnerability-gift-security-researchers-wallet-hack

Date: 2021-10-13

OpenSea fixes vulnerabilities that could let hackers steal crypto with malicious NFTs

OpenSea has fixed vulnerabilities in its platform that couldve let hackers steal someones crypto after sending them a maliciously crafted NFT. The issue was found by security firm Check Point Research, which noticed tweets from people claiming they were hacked after being gifted NFTs, according to a blog post. The researchers talked to one of the people saying they were attacked, and found vulnerabilities proving an attack could happen this way and reported the problems to OpenSea. The security firm says the NFT trading platform fixed the issue within an hour and worked with researchers to make sure the fix worked. While the attackers potentially being able to drain entire wallets is certainly not a good look for OpenSea, it wasnt a simple matter of just gifting someone an NFT — the exploit needed its target to click on a few prompts first, including one that might include transaction details. While being sent an NFT gift doesnt require any interaction on your part, the malicious NFTs were harmless if they just sat unviewed in an OpenSea account. The potentially dangerous situation occurs when viewing the image by itself (by, say, right-clicking on it and hitting open in new tab). For users with a crypto-wallet browser extension like MetaMask installed, it initiates a popup asking to connect storage.opensea.io to their wallet. If the target clicks yes, the attackers could snag the wallets information and trigger another popup asking to approve a transfer from the victims wallet to their own. If youre not paying attention or didnt realize what was going on and confirmed the transfer, you could wind up losing everything in your wallet. OpenSea says in a statement that it hasnt found any instances of someone actually carrying out that kind of attack — though its still unclear what happened to the people who say they were attacked. As far as I could find, there were only a few people talking about being hacked after receiving a gift NFT. OpenSea says its working with third-party wallet providers to help people recognize malicious signature requests. Still, for the most part, standard internet safety rules apply — dont click on things that seem out of the ordinary, and definitely dont confirm any transaction requests unless youre entirely sure its something you want to do. While this particular attack required a lot of interaction (as well as at least some amount of inattention) from the target, its good to see Check Points confirmation that OpenSea has fixed it. Its easy to imagine people new to NFTs potentially getting their wallets drained, and weve seen examples of bad actors and scammers in the crypto space. There are those who are willing to steal peoples Ethereum, pretend to be OpenSea support employees, or sell an almost certainly fake Banksy. OpenSea also announced on Monday that it would hide gifted NFTs from an accounts page by default if theyre from unverified collections and add an option to suspend your account from buying or selling NFTs if you think your wallet has been compromised.