
OpenSea patches vulnerability that potentially exposed users’ identities

Cybersecurity firm Imperva found a vulnerability that could be used to leak user information such as email addresses and phone numbers, which has now been patched.

It is reported that the non-fungible token (NFT) marketplace OpenSea has fixed a vulnerability that, if exploited, could have exposed its users' private identity information.

In an online article on March 9, Imperva, a cybersecurity company, explained how it identified the vulnerability, which it claimed could deanonymize OpenSea users by linking IP addresses, browser sessions or, in certain cases, emails to an NFT.

Imperva explained that because an NFT corresponds to a cryptocurrency wallet address, a user's true identity can be revealed from the information collected and linked to the wallet and its activity.

It is understood that the exploit relies on a cross-site search vulnerability. Imperva claims that OpenSea misconfigured a library that resizes web page elements that load HTML content from elsewhere, which are typically used to promote products, show interactive content, or place short videos.

Because OpenSea did not restrict this library's communications, an attacker could use the information it broadcast as an "oracle" to narrow down a search: when a search returned no results, the web page would be smaller.

Imperva details that an attacker can send a link to their target via email or message, which, if clicked, will "disclose meaningful information such as the target IP address, user agent, machine device details, and system version."

The attacker would then take advantage of OpenSea's vulnerability to obtain the target's NFT names and associate the corresponding wallet address with identifying information such as the email or contact number to which the initial link was sent.

Imperva said that OpenSea "solved the problem quickly" and appropriately restricted the library's communications, and the report noted that the site "will no longer be exposed to such offensive risks."
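A simplified model of the size side channel described above and of the fix of restricting the library's messages, as an added example that is not taken from Imperva's report or OpenSea's code. The origins, pixel heights and function names are constructed for illustration.

```javascript
// Model of a resize helper that reports the embedded page's height to its
// parent window. Everything here is constructed for illustration.

// Browser rule for window.postMessage: a message is delivered only when
// targetOrigin is "*" or equals the origin of the receiving window.
function isDelivered(targetOrigin, receiverOrigin) {
  return targetOrigin === "*" || targetOrigin === receiverOrigin;
}

// Constructed page model: a results page is taller when the search matched.
function renderedHeight(resultCount) {
  const HEADER_PX = 300;
  const ROW_PX = 120;
  return HEADER_PX + ROW_PX * resultCount;
}

// What a page at embedderOrigin learns from the height broadcast.
// Returns the reported height, or null when the browser drops the message.
function observedHeight(targetOrigin, embedderOrigin, resultCount) {
  const height = renderedHeight(resultCount);
  return isDelivered(targetOrigin, embedderOrigin) ? height : null;
}

// True when the embedder can tell an empty result page from a non-empty one,
// which is the yes/no "oracle" a cross-site search depends on.
function leaksResultCount(targetOrigin, embedderOrigin) {
  const empty = observedHeight(targetOrigin, embedderOrigin, 0);
  const nonEmpty = observedHeight(targetOrigin, embedderOrigin, 3);
  return empty !== nonEmpty;
}

const TRUSTED = "https://partner.example"; // constructed trusted embedder
const FOREIGN = "https://other.example";   // constructed untrusted embedder

// Weak setting: height is broadcast to any parent window.
console.log("wildcard, foreign embedder leaks:", leaksResultCount("*", FOREIGN));
// Corrected setting: height is sent only to the expected parent origin.
console.log("pinned, foreign embedder leaks:", leaksResultCount(TRUSTED, FOREIGN));
console.log("pinned, trusted embedder still resizes:", leaksResultCount(TRUSTED, TRUSTED));
```

With the target origin pinned, the trusted parent still receives the height it needs for resizing, while any other embedding page receives nothing to compare.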

For a long time, attackers have imitated OpenSea to exploit the site's users, such as with fraudulent look-alike sites or signature requests that appear to come from OpenSea.

OpenSea itself has been criticized for the security of its platform after a major man-in-the-middle attack in February 2022 resulted in the theft of more than $1.7 million worth of NFTs from users.

For the recently patched vulnerability, it is not clear at this stage how long it existed, nor whether any users were affected by the attack.

OpenSea didn't immediately respond to Cointelegraph's request for comment.

by Jesse Coghlan
© 2023 WJB All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.


Tue, 18 Apr 2023
