CenterPrime
Published in CenterPrime

“The flaws of original content tradition and Why it is necessary to make up for a defect / complement the shortcomings of the original transaction”

Has the Boat sailed on OpenSea?

Where there is Sea there are Pirates, and where there is OpenSea there are Hackers.

If you own NFTs or are interested in the topic, you have almost certainly heard of OpenSea, the world’s largest NFT exchange. In January this year, it became evident that scammers had exploited a bug on the OpenSea platform related to inactive listings. This bug allowed scammers to acquire valuable NFTs for virtually no money by purchasing them at market prices listed on the platform in the past. The damage exceeded $1 million, and prominent victims included the Bored Ape Yacht Club, Mutant Ape Yacht Club, Cool Cats, and Cyberkongz NFTs.

Fast forward to February, just one month later: OpenSea announced a quick fix on February 18th. A new Smart Contract system had been designed to fix the issue. However, this upgrade resulted in the biggest hacking incident the platform has experienced to date, and this time phishing emails were to blame.

You don’t know what phishing is? Well, I might have bad news for you and your NFT collection. Phishing involves a scammer posing as an official source, in this case an official OpenSea account, and sending emails to users that imitate the design and layout of OpenSea. Users who mistake the email for an official one and click the provided link end up getting their NFTs stolen. Stolen NFTs last month included examples from the Bored Ape Yacht Club, Mutant Ape Yacht Club, and several other collections, this time with damage reported to be around $1.7 million.

With all these hacking incidents in such a short time frame, the question remains whether OpenSea or any platform on the market can offer meaningful security to NFT collections. While Smart Contracts are a valuable addition to NFT security, there is no consensus as to who is at fault when it comes to phishing attacks. In light of this recent incident, many users on Twitter have urged OpenSea to take responsibility. Other demands include adopting a stricter protocol of never communicating with users via email. That way, even the average user might become suspicious if an apparent OpenSea email pops up in their inbox.

The real problem, however, lies even deeper, within the architecture of these platforms themselves. Users can sign a carte blanche approval that lets third-party contracts use their private wallets, including their NFT collections, without a set spending limit. As a by-product, that architecture also breeds phishing attacks. The initial hacking incident from January also shows that it is the platform itself that is to blame, not the user, as the platform can be prone to new bugs, as-yet-undiscovered loopholes, and an overall lack of security.
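To make the blanket approval described above concrete, here is an added example (not from the original article and not OpenSea's code) that replays a wallet's approval events and lists the operators that still hold unlimited access. It assumes the approval is the standard ERC-721 `ApprovalForAll` event, which the article does not name; all addresses, logs and helper names are constructed for illustration.

```python
# Added illustration, not OpenSea's code. Sample logs and addresses are constructed.
# keccak256("ApprovalForAll(address,address,bool)"), the ERC-721 blanket-approval event
APPROVAL_FOR_ALL = "0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_approvals(logs, owner):
    """Replay logs in chain order; return {(collection, operator): block} still approved."""
    owner, state = owner.lower(), {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_FOR_ALL:
            continue  # not an ApprovalForAll event
        if topic_to_address(topics[1]) != owner:
            continue  # someone else's approval
        key = (log["address"].lower(), topic_to_address(topics[2]))
        if int(log["data"], 16):       # bool approved == true
            state[key] = log["blockNumber"]
        else:                          # approved == false revokes the operator
            state.pop(key, None)
    return state

def unrecognized(approvals, known_operators):
    """Approvals whose operator is not a contract the wallet owner recognizes."""
    known = {a.lower() for a in known_operators}
    return sorted(k for k in approvals if k[1] not in known)

# --- constructed sample data (placeholder addresses, not real contracts) ---
OWNER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
APES, CATS = "0x" + "c1" * 20, "0x" + "c2" * 20
MARKET, UNKNOWN = "0x" + "0b" * 20, "0x" + "ee" * 20

def make_log(collection, owner, operator, approved, block, index=0):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": collection, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_FOR_ALL, pad(owner), pad(operator)],
            "data": "0x" + "0" * 63 + ("1" if approved else "0")}

SAMPLE_LOGS = [
    make_log(CATS, OWNER, UNKNOWN, False, 140),  # revocation, listed out of order
    make_log(APES, OWNER, MARKET, True, 100),
    make_log(APES, OTHER, UNKNOWN, True, 110),   # different wallet, ignored
    make_log(APES, OWNER, UNKNOWN, True, 120),
    make_log(CATS, OWNER, UNKNOWN, True, 130),
]

if __name__ == "__main__":
    for collection, operator in unrecognized(open_approvals(SAMPLE_LOGS, OWNER), [MARKET]):
        print(f"revoke: operator {operator} on collection {collection}")
```

An approval stays in force until the owner explicitly revokes it, so the operators reported here are the ones a wallet owner would review and revoke.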

The NFT market is a new industry, and as a result, NFT security is now a newly emerging topic of discussion. Platforms like OpenSea that have just been able to establish themselves on the market will now have to prove their raison d’être by demonstrating how they handle the security aspects related to NFTs. This development is unfolding as we speak, and startups related to NFT security are popping up almost every day offering new solutions that one day might become industry standard.

For now, we recommend users be aware of Phishing and stay up to date with official OpenSea announcements. Ultimately, the risk of getting hacked should be negligible at least for the average user.

About CenterPrime

The CenterPrime project uses a hyperledger private chain to share an open banking API to apps, connecting centralized finance to decentralized finance. It also makes it possible to include smart pairing data for loan, remittance, exchange, payment, and exchange rate information in fintech oracle networks.
