
OpenSea patches vulnerability that potentially exposed users’ identities

By News Room
March 13, 2023
in Security

Nonfungible token (NFT) marketplace OpenSea has reportedly patched a vulnerability that, if exploited, could expose identifying information about its anonymous users.

In a Mar. 9 blog post, cybersecurity firm Imperva detailed how it discovered the vulnerability, which it claimed could deanonymize OpenSea users “by linking an IP address, a browser session, or an email in certain conditions” to an NFT.

As the NFT corresponds to a cryptocurrency wallet address, a user’s real identity could be revealed from the information gathered and linked to the wallet and its activity, explained Imperva.

Imperva Red Team discovered a cross-site search vulnerability affecting the #NFT marketplace #OpenSea.

This vulnerability allows for the deanonymization of users, potentially revealing a user’s identity. https://t.co/nGQWceeGEc

— Imperva (@Imperva) March 9, 2023

The exploit is understood to have taken advantage of a cross-site search vulnerability. Imperva claimed OpenSea had misconfigured a library that resizes webpage elements that load HTML content from elsewhere; such elements are typically used to place ads, interactive content, or embedded videos.

Because OpenSea didn’t restrict this library’s communications, exploiters could use the information it broadcasts as an “oracle” to tell when a search returns no results, since the webpage would then be smaller.

Imperva detailed that an attacker would send their target a link through email or SMS which, if clicked, “reveals valuable information, such as the target’s IP address, user agent, device details, and software versions.”

Screenshot of OpenSea’s front page. Source: OpenSea

The attacker would then use OpenSea’s vulnerability to extract the NFT names of their target and associate the corresponding wallet address with identifying information, such as the email address or phone number to which the original link was sent.

Imperva said OpenSea “quickly addressed the issue” and properly restricted the library’s communications, and reported that the platform “was no longer at risk of such attacks.”
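The difference between unrestricted and restricted communications can be shown with the browser's `postMessage` API, in an added example that is not OpenSea's or Imperva's code. The origins, page heights and function names are constructed for illustration, and `makeWindow` is a stand-in that models only the browser's `targetOrigin` delivery rule.

```javascript
// Constructed origins; all names here are hypothetical, not OpenSea's.
const TRUSTED_PARENT = "https://marketplace.example";
const FOREIGN = "https://other-site.example";

// Minimal stand-in for a browser window: postMessage() delivers only when
// targetOrigin is "*" or equals the receiving window's real origin.
function makeWindow(origin) {
  const received = [];
  return {
    origin,
    received,
    postMessage(data, targetOrigin) {
      if (targetOrigin === "*" || targetOrigin === origin) received.push(data);
    },
  };
}

// Weak setting: the framed page announces its height to whoever embeds it.
function reportHeightUnrestricted(parent, height) {
  parent.postMessage({ type: "resize", height }, "*");
}

// Restricted setting: the message is addressed to one known origin, so a
// foreign embedder never receives it.
function reportHeightRestricted(parent, height) {
  parent.postMessage({ type: "resize", height }, TRUSTED_PARENT);
}

// Send each height to an embedder of the given origin and return what it saw.
function observedHeights(embedderOrigin, heights, report) {
  const parent = makeWindow(embedderOrigin);
  heights.forEach((h) => report(parent, h));
  return parent.received.map((m) => m.height);
}

// Constructed page heights: a results page and a shorter empty-results page.
const HEIGHTS = [1800, 400];

console.log("foreign, unrestricted:", observedHeights(FOREIGN, HEIGHTS, reportHeightUnrestricted));
console.log("foreign, restricted:  ", observedHeights(FOREIGN, HEIGHTS, reportHeightRestricted));
console.log("trusted, restricted:  ", observedHeights(TRUSTED_PARENT, HEIGHTS, reportHeightRestricted));
```

With the restricted setting the foreign embedder observes nothing, while the trusted parent still receives the heights it needs for resizing.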

Users of the platform have long been victims of attacks that mimic OpenSea’s functions to undertake exploits, such as phishing websites that resemble the platform or signature requests appearing to originate from OpenSea.

OpenSea itself has faced criticism for its platform security due to a major phishing attack in February 2022 that resulted in over $1.7 million worth of NFTs being stolen from users.

As for the recently patched vulnerability, it’s unknown how long it existed or whether any users were affected by the exploit.

OpenSea did not immediately respond to Cointelegraph’s request for comment.
