OpenSea User Identities May Have Been Exposed in New Vulnerability

The vulnerability was caused by a misconfiguration of the iFrame-resizer library used by OpenSea, research firm Imperva revealed in a report on Thursday.

Quick take:

  • OpenSea users may have been exposed to a new deanonymisation vulnerability.
  • Imperva Research said the vulnerability was caused by a misconfiguration of the iFrame-resizer library used by OpenSea.
  • OpenSea has since fixed the issue.

Cybersecurity company Imperva recently disclosed a vulnerability in OpenSea that allowed attackers to deanonymise NFT traders on the platform. According to the company, the vulnerability was caused by a misconfiguration of the iFrame-resizer library used by the leading NFT marketplace.

The misconfiguration introduced a cross-site search vulnerability, which an attacker could use to obtain user identities.

“When successfully exploited, this issue allows for the deanonymization of OpenSea users by linking an IP address, a browser session, or an email in certain conditions to a specific non-fungible token (NFT) and, therefore, a wallet address, potentially revealing a user’s identity,” Imperva wrote in a blog post.

The report also said OpenSea has since released a patch to fix the issue. The patch restricts cross-origin communication, mitigating the risk of further exploitation. The cyber security firm reviewed the fix, confirming that the vulnerability no longer exists.

OpenSea last year had more than 1 million registered users, and received over 120 million monthly visitors to its website, making it the world’s most popular and largest NFT marketplace.

That means more than 1 million accounts may have been exposed while the vulnerability was still active.

This is not OpenSea’s first major glitch. The company has faced multiple cyber attacks, some through its partners and others through its social channels.

Last June, an employee of the NFT marketplace’s email vendor leaked addresses to an unauthorised third party, prompting the company to alert users to potential email phishing scams.

Recently, OpenSea lost its spot as the number one NFT marketplace by transaction volume to Blur, an NFT platform launched in October 2022.

Source: Dune Analytics/Sealaunch

The highly incentivised NFT marketplace has reignited the NFT boom with transaction volumes bouncing back from 2022 lows.

After the launch of the $BLUR token on the Blur platform, weekly Ethereum NFT volume increased to $536 million, boosting the overall transaction volume for February to $2.5 billion, the highest since April last year.

OpenSea continues to be the biggest NFT marketplace in terms of registered users and the number of collections listed.

