
OpenSea patches vulnerability that potentially exposed users’ identities

By News Room
March 13, 2023
in Security

Nonfungible token (NFT) marketplace OpenSea has reportedly patched a vulnerability that, if exploited, could expose identifying information about its anonymous users.

In a Mar. 9 blog post, cybersecurity firm Imperva detailed how it discovered the vulnerability, which it claimed could deanonymize OpenSea users “by linking an IP address, a browser session, or an email in certain conditions” to an NFT.

As the NFT corresponds to a cryptocurrency wallet address, a user’s real identity could be revealed from the information gathered and linked to the wallet and its activity, explained Imperva.

Imperva Red Team discovered a cross-site search vulnerability affecting the #NFT marketplace #OpenSea.

This vulnerability allows for the deanonymization of users, potentially revealing a user’s identity. https://t.co/nGQWceeGEc

— Imperva (@Imperva) March 9, 2023

The exploit is understood to have taken advantage of a cross-site search vulnerability. Imperva claimed OpenSea had misconfigured a library that resizes webpage elements which load HTML content from elsewhere; such elements are typically used to place ads, interactive content, or embedded videos.

As OpenSea didn’t restrict this library’s communications, exploiters could use the information it broadcasts as an “oracle” to narrow down when searches return no results, because the webpage would then be smaller.

Imperva detailed that an attacker would send their target a link through email or SMS which, if clicked, “reveals valuable information, such as the target’s IP address, user agent, device details, and software versions.”

Screenshot of OpenSea’s front page. Source: OpenSea

The attacker would then use OpenSea’s vulnerability to extract the NFT names of their target and associate the corresponding wallet address with identifying information, such as the email address or phone number to which the original link was sent.

Imperva said OpenSea “quickly addressed the issue” and properly restricted the library’s communications and reported the platform “was no longer at risk of such attacks.”
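
What "restricting the library’s communications" looks like in practice, as an added example that is not OpenSea’s, Imperva’s, or the library’s own code. It assumes the resize library reports page height with window.postMessage; the origins, function names, and the makeWindow() stand-in for browser delivery rules are hypothetical.

```javascript
// Added example. Origins are hypothetical; makeWindow() is a constructed stand-in
// for the browser rule that postMessage delivers only when targetOrigin is "*"
// or equals the receiving window's origin.
const PARENT_ORIGIN = "https://marketplace.example"; // trusted embedding page
const FRAME_ORIGIN = "https://frame.marketplace.example"; // embedded content

function makeWindow(origin) {
  const received = [];
  return {
    origin,
    received,
    postMessage(data, targetOrigin) {
      if (targetOrigin === "*" || targetOrigin === origin) received.push(data);
    },
  };
}

// Weak setting: the frame broadcasts its height to whatever page embeds it.
function reportHeightWeak(parentWindow, height) {
  parentWindow.postMessage({ type: "resize", height }, "*");
}

// Corrected setting: the height is addressed to the one trusted parent origin,
// so any other embedding page never receives it.
function reportHeightStrict(parentWindow, height) {
  parentWindow.postMessage({ type: "resize", height }, PARENT_ORIGIN);
}

// Parent side: accept a resize only from the expected frame and origin, and
// only if the payload is a sane integer height. Returns the height or null.
function acceptResize(event, frameWindow) {
  if (event.origin !== FRAME_ORIGIN || event.source !== frameWindow) return null;
  const data = event.data;
  if (!data || data.type !== "resize") return null;
  const h = data.height;
  return Number.isInteger(h) && h >= 0 && h <= 100000 ? h : null;
}

// Returns how many height messages an untrusted embedding page would receive.
function leakedTo(untrustedOrigin, reporter) {
  const embedder = makeWindow(untrustedOrigin);
  reporter(embedder, 1234); // constructed height value
  return embedder.received.length;
}
```

With the wildcard target the size signal reaches any embedding page; with a fixed target origin it reaches only the trusted parent, which removes the size oracle the article describes.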

Users of the platform have long been victims of attacks that mimic OpenSea’s functions to undertake exploits, such as phishing websites that resemble the platform or signature requests appearing to originate from OpenSea.

OpenSea itself has faced criticism for its platform security due to a major phishing attack in February 2022 that resulted in over $1.7 million worth of NFTs being stolen from users.

As for the recently patched vulnerability, it’s unknown how long it existed or if any users had been affected by the exploit.

OpenSea did not immediately respond to Cointelegraph’s request for comment.
