Since last year, OpenSea, the biggest market for buying and selling non-fungible tokens (NFTs), has been the target of numerous hacks. Due to several hacking efforts, the platform has lost NFTs totaling $200 million so far. Users grow skeptical as a result of this loss. Although Opensea just fixed a vulnerability that may have revealed the sensitive information of its users, the recent success of the NFT platform may encourage its users to once again develop trust in the platform.
A team of Imperva security researchers discovered the vulnerability and alerted the company’s security team about it.
What was the Vulnerability?
The vulnerability was related to cross-site searches, which could allow hackers to infiltrate the system. The researchers found that it was possible to exploit this vulnerability to obtain the email addresses, wallet addresses, and names of the users. This information could have been used to steal users’ IP addresses, user agents, device data, and software versions.
What was the Impact?
Fortunately, the hackers were not able to discover the identity of the NFT users hence no serious impact has been made yet. However, this incident once again highlighted the risks associated with NFT platforms which creates concern among the users. To reduce these concerns and prevent such attacks in the future OpenSea has acknowledged the vulnerability and ensured to take appropriate measures as soon as possible.
OpenSea’s swift response to this vulnerability is a very commendable step. While it is concerning that such vulnerabilities exist even in the big platforms, it is noteworthy that companies like OpenSea take proactive measures to detect and fix them before they can severely harm its users.