Israel’s Check Point Research uncovered an attempt to steal the cryptocurrency from OpenSea, the world’s largest NFT marketplace. The hackers tried to steal crypto wallets from the site. The amount of money that could have been stolen is immeasurable, but OpenSea says that it handled $3.4 billion in transaction volume in August 2021 alone.
OpenSea is the largest digital collectible marketplace, a peer-to-peer marketplace for crypto collectibles and non-fungible tokens, like NFT.
A Non-Fungible Token (NFT) is a kind of cryptocurrency like Bitcoin. Only in this case, it is a specific digital file whose unique identity and ownership are verified on a blockchain. NFTs can be bought with cryptocurrency and resold. NFTs have different values and so they are not interchangeable.
So, how did Check Point find the hack of OpenSea?
Check Point researchers spotted various cases where people tweeted reports claiming they lost their crypto wallet balance, while receiving a free gift on the OpenSea marketplace. The company says that there were reports that claimed that the digital wallets of merchants disappeared, causing collectors to lose hundreds of thousands of dollars worth of NFTs.
The reports speculated that an attack could start when a client received a free gift from a stranger or a link to OpenSea art.
This sounds like a typical kind of phishing scam; a hacker sends an e mail, or a text message, claiming to be from the target’s bank or another kind of service provider, and cons the mark into handing over their sensitive information like a password or a bank account number.
In this case, however, Check Point did not unmask the hackers and trace the source of the attacks as it has done in the past. This was the case when, last November, the company proved that the Pay2Key ransomware had come from Iran. And in August of this year, Check Point found that a small group opposed to the current Iranian regime called Indira were responsible for a cyberattack that disrupted train services in the country.
But, as in most cases with these kinds of scams, just uncovering it and explaining how the grift works is enough to stop it from continuing. And this is what Check Point did; the company issued a warning and explained to OpenSea customers how to protect themselves.
Check Point research stated, “The volume of traffic seen at OpenSea is a clear example presenting unprecedented interests in nonfungible tokens, which refer to digital assets that are stored on blockchains and not interchangeable.”
“Check Point Research remains dedicated to always seek paths to investigate and deep dive into popular tech trends, with an endless quest to make it safer for the publics’ secured experience. We were happy to liaise and collaborate with the OpenSea teams to allow the growing trend of NFT continue to be safer and secured.”