
OpenSea patches vulnerability that potentially exposed users’ identities

Cybersecurity firm Imperva found a vulnerability that could be used to leak user information such as email addresses and phone numbers, which has now been patched.

Nonfungible token marketplace OpenSea has reportedly patched a vulnerability that, if exploited, could have exposed identifying information about its anonymous users. 

In a March 9 blog post, cybersecurity firm Imperva detailed how it discovered the vulnerability, which it claimed could deanonymize OpenSea users “by linking an IP address, a browser session, or an email in certain conditions” to an NFT.

As the NFT corresponds to a cryptocurrency wallet address, a user’s real identity could be revealed from the information gathered and linked to the wallet and its activity, Imperva explained.

The exploit is understood to have taken advantage of a cross-site search vulnerability. Imperva claimed OpenSea had misconfigured a library that resizes the webpage elements used to load HTML content from elsewhere, which typically hold ads, interactive content, or embedded videos.

Because OpenSea didn’t restrict this library’s communications, exploiters could use the information it broadcasts as an “oracle” to tell when a search returns no results, as the webpage would then be smaller.

Imperva detailed that an attacker would send their target a link through email or SMS, which if clicked “reveals valuable information, such as the target’s IP address, user agent, device details, and software versions.”

Screenshot of OpenSea's front page. Source: OpenSea

The attacker would then use OpenSea’s vulnerability to extract the NFT names of their target and associate the corresponding wallet address with identifying information, such as the email address or phone number to which the original link was sent.

Imperva said OpenSea “quickly addressed the issue” and properly restricted the library’s communications, reporting that the platform “was no longer at risk of such attacks.”
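The difference between unrestricted and restricted size reporting can be modelled in a few lines. This is an added example, not code from OpenSea, Imperva or the library involved; the function names, the "size?" message format, the origins and the page heights are all constructed for illustration.

```javascript
// Added illustration; every name and origin below is hypothetical.
const TRUSTED_PARENTS = new Set(["https://marketplace.example"]);

// Builds the "message" handler an embedded page uses to report its height.
// restrict=false models the unrestricted setup; restrict=true the fixed one.
function makeSizeReporter(getHeight, restrict) {
  return function onMessage(event) {
    if (event.data !== "size?") return;
    // Fix, part 1: ignore requests from embedders that are not allow-listed.
    if (restrict && !TRUSTED_PARENTS.has(event.origin)) return;
    // Fix, part 2: address the reply to the verified origin, never "*".
    const target = restrict ? event.origin : "*";
    event.source.postMessage({ type: "size", height: getHeight() }, target);
  };
}

// Minimal stand-in for the embedding window: records what it is sent.
function fakeEmbedder(origin) {
  const received = [];
  return {
    origin,
    received,
    postMessage(msg, target) {
      // Browsers deliver only when target is "*" or matches the receiver.
      if (target === "*" || target === origin) received.push(msg);
    },
  };
}

// Constructed scenario: page height depends on how many results rendered.
function heightsSeenBy(embedderOrigin, restrict, resultCounts) {
  const embedder = fakeEmbedder(embedderOrigin);
  let results = 0;
  const onMessage = makeSizeReporter(() => 200 + 120 * results, restrict);
  for (const n of resultCounts) {
    results = n;
    onMessage({ data: "size?", origin: embedderOrigin, source: embedder });
  }
  return embedder.received.map((m) => m.height);
}

console.log(heightsSeenBy("https://other.example", false, [0, 3]));
console.log(heightsSeenBy("https://other.example", true, [0, 3]));
console.log(heightsSeenBy("https://marketplace.example", true, [0, 3]));
```

With the restriction off, any embedding origin learns whether the page rendered zero or several results; with it on, only the allow-listed parent receives size messages.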


Users of the platform have long been victims of attacks that mimic OpenSea’s functions to undertake exploits, such as phishing websites that resemble the platform or signature requests appearing to originate from OpenSea.

OpenSea itself has faced criticism for its platform security due to a major phishing attack in February 2022 that resulted in over $1.7 million worth of NFTs being stolen from users.

As for the recently patched vulnerability, it’s unknown how long it existed or if any users had been affected by the exploit.

OpenSea did not immediately respond to Cointelegraph’s request for comment.


Tumbleweeds blow through Coinbase NFT on its first day: Just $75K in volume

After almost seven months and over 8.4 million emails on the waitlist, Coinbase opened its NFT marketplace to the public but recorded only 150 transactions on the big day.

Coinbase, one of the largest crypto exchanges by volume, opened its beta non-fungible token (NFT) marketplace to the public on May 4 with on-chain data showing a maximum of 150 total transactions on the day and $75,000 in USD volume.

The transactions captured by Dune Analytics show the total amount which took place through the 0x Protocol, the infrastructure behind Coinbase’s marketplace. Whilst not all transactions are guaranteed to be from Coinbase, since 0x announced its support for NFTs in January it has yet to announce any other partners apart from Coinbase.

Number of market transactions on the 0x Protocol. Dune Analytics.

The number pales into insignificance compared to expectations arising from the marketplace's waitlist. More than 8.4 million email addresses signed up for the waitlist before it moved into beta testing on April 20 with only a select few able to create profiles to buy and sell NFTs. Analytics show just over 1,200 total users have transacted on the platform up until May 5, a mere 0.014% of the waitlist.

Market volume figures in USD aren’t hitting the mark either: May 4 saw just over $74,700 in volume transacted on Coinbase’s new marketplace. While that might please critics who claim the NFT market is in sharp decline, by comparison the largest NFT market, OpenSea, recorded $1.18 billion in transaction volume on the same day.

Coinbase announced the waitlist for its NFT platform almost seven months ago in mid-October 2021 with some Twitter users noting that the launch took too long to open to a public who had other options like OpenSea and LooksRare listing popular collections.


Some users report that the marketplace in its current form doesn’t differentiate itself from its competitors, as it needs a self-custody wallet and requires gas fees. Coinbase does have future plans to change this, as its January partnership announcement with Mastercard will look to make the platform friendlier to first-time users with the ability to purchase NFTs via credit card.

The low user numbers for its marketplace come over a week before a Q1 earnings call on May 13. Coinbase’s stock price is down 68% from its all-time high of $357 on November 10, hitting a low of $112 on April 29.
