OpenSea addressed a security flaw to protect user's privacy

OpenSea addressed a security flaw to protect user's privacy

written by John Murphy | March 12, 2023

OpenSea addressed a critical security flaw to protect the user’s privacy and from any vulnerability to attackers.

OpenSea is a trading platform specifically for NFTs. A major cyber security platform named Imperva recently discovered a critical flaw in the security of the Open Sea. This flaw would have left all of the OpenSea users vulnerable to the attacker; providing access to any kind of personal information available on the platform.

Imperva pointed out that the misconfiguration in the iFrame-resizer library was the real issue in this entire situation. Further, they added information regarding the technique attacker might use to get to the data. They stated that the attacker would send a link through email or SMS, and if the target clicked on it, the attacker will collect all the important information such as the user’s IP address, device details, and software version.

The attacker would then use a cross-site search vulnerability to retrieve the target’s NFT names and associate the leaked NFT on a public wallet address with the initial email or phone number that received the link.

However, the upside to this entire situation was that after Imperva reported it, Open Sea successfully addressed this flaw on time and protected its users from any attacks or vulnerabilities.

Security flaw from the past

OpenSea has gone through similar cases in the past as well. They’ve faced even worse security concerns in the past. First, in February 2022 they witnessed one of the biggest security breaches when some attackers hacked into their eco-system. Which was recognized by Devin Finzer the CEO of OpenSea.

The platform experienced a great loss. the hackers stole $1.7 million worth of NFTs from the wallets of various users. Not long after that, they went through another breach in less than 3 months. They compromised the discord channel of the platform by linking it to a phishing site. The hackers got access by posting fake youtube news with a link to the phishing site.

After experiencing all such security breach issues, OpenSea finally made some solid and hard steps in order to ensure the user’s privacy and their digital assets as well.

Decrease in the trading activity

The NFT trading platform has been witnessing a decline in trading activity due to all of the arising issues since the mid of February. Their weekly online taking also plunged significantly. As a result, the weekly royalties of the NFT holders also decreased, and even the weekly supply-side fees went down. This will ultimately discourage the creators from listing their work on OpenSea.

OpenSea was heavily impacted by the Blur [BLUR] storm in the NFT marketplace ecosystem, causing a reduction in its share of the total trading volume across all marketplaces to 26%. Despite this setback, OpenSea still maintains a large portion of its user base and total sales, with a dominant share of 62.8% and 51%, respectively.