NFTs were considered to be the next big thing, but they ended up fizzling out without much of an impact. It turns out that money was not the only thing NFT users lost to their poor investment choices. The biggest NFT marketplace out there, OpenSea, has also been leaking user data without realizing it.
A vulnerability in OpenSea’s source code allowed hackers to find out the full names of anonymous users. While the vulnerability has reportedly been fixed, it will still have made users of the platform far less safe than they would otherwise have been.
According to researchers working at Imperva, the cross-site search feature might have been to blame. The feature did not limit cross-origin searches, and the problem originated in the resizer library that the website was using for each individual iFrame.
The resizer adjusts the boundaries of the website according to the user’s device and other properties. Malicious actors sent out emails to these users so that they could discover these dimensions, and they would then cross-reference them to figure out which user corresponded to which ID.
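The resizer behaviour described above comes down to a framed page announcing its dimensions to whatever page embeds it. The following JavaScript is an added example, not OpenSea's or the resizer library's code: it contrasts a size report broadcast to any origin with one addressed to a single trusted origin. The origins, the function names and the `makeWindow` stand-in for a browser window are all constructed for illustration.

```javascript
// Added example; names and origins below are constructed, not from OpenSea or the resizer library.
const TRUSTED_PARENT = "https://marketplace.example"; // assumed legitimate embedding origin

// Minimal stand-in for a browser window: delivers a message only when
// targetOrigin is "*" or equals the window's own origin, as postMessage does.
function makeWindow(origin) {
  const received = [];
  return {
    origin,
    received,
    postMessage(data, targetOrigin) {
      if (targetOrigin === "*" || targetOrigin === origin) received.push(data);
    },
  };
}

// Weak: the framed page announces its size to whatever page embeds it.
function reportSizeWeak(parent, width, height) {
  parent.postMessage({ type: "resize", width, height }, "*");
}

// Hardened: the size is addressed to one known origin, so any other
// embedding page gets nothing to measure.
function reportSizeHardened(parent, width, height) {
  parent.postMessage({ type: "resize", width, height }, TRUSTED_PARENT);
}

// Run both reporters against a trusted and an untrusted embedder.
function demo() {
  const trusted = makeWindow(TRUSTED_PARENT);
  const untrusted = makeWindow("https://other.example");
  reportSizeWeak(untrusted, 800, 1240);
  const leakedWeak = untrusted.received.length;
  untrusted.received.length = 0; // reset before the hardened run
  reportSizeHardened(untrusted, 800, 1240);
  reportSizeHardened(trusted, 800, 1240);
  return {
    leakedWeak,
    leakedHardened: untrusted.received.length,
    deliveredTrusted: trusted.received.length,
  };
}

console.log(demo());
```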
Users have had their full names along with their wallet IDs leaked. This just goes to show how lax security has been in the world of crypto, and the world of NFTs is clearly no different. Issues like this make NFTs an even more dangerous asset, because this is the sort of thing that could result in massive financial losses that would be extremely difficult for people to get over.
OpenSea was slow to act here. It will be interesting to see if any of the victims of this fraud end up filing lawsuits against the company and speeding up the decline of NFTs.
by Zia Muhammad via Digital Information World