The NFT sector has recorded notable growth over the past year despite the recession across the broader cryptocurrency market. Notable brands such as Visa, the New York Stock Exchange, Coca-Cola and Adidas have all ventured into non-fungible tokens. Amid this growth, there have been concerns over the security of NFTs. OpenSea, the largest NFT platform, was targeted by a phishing scheme after it announced plans to delist inactive NFTs from its platform.
In mid-February, OpenSea announced a smart contract upgrade that required all users to transfer the listed NFTs from Ethereum to a new smart contract. Users who failed to execute this upgrade could lose their old and inactive NFT listings.
The short migration deadline set by OpenSea presented hackers with an opportunity to conduct the attacks. Hours after this announcement, it was revealed that third-party individuals could steal NFTs from the stored data on the platform. The hackers targeted these NFTs before they could be moved to the new smart contract.
Neeraj Murarka, the chief technical officer and co-founder of Bluzelle, commented on this attack, saying, “Metaphorically, this was like signing a blank check. Normally, this is okay if the payee is the intended recipient. Keep in mind that an email can be sent by anyone but be made to appear to be sent by someone else. In this case, the payee appears to be a single hacker who was able to use these signed transactions to transfer out and effectively steal the NFTs from these users.”
Boosting security in NFT marketplaces
Several security recommendations have been made to protect users on NFT marketplaces. One of these is the improvement of user experiences to ensure users are not affected by phishing attacks.
However, while NFT platforms could adopt tougher security measures, there is still a concern about how well these measures will protect their users. Users need to be educated about phishing attacks and protect themselves from such incidents. Therefore, experts agreed that OpenSea was not solely responsible for the attacks, but the incident raised the question of what information OpenSea provided to its users.