.png)
Specialists reported about discovery dangerous vulnerabilities in program parts popular marketplace rare. AT basis attacks lies in advance prepared malicious NFTs-file, which the enough simply run potential victim. AT case success intruders receive access to account With opportunity steal With him funds.
Discovered vulnerability specialists Check point in process study major theft on the another popular site-opensea. Token was kidnapped at singer Jay Zhou from Taiwan,later criminals managed resell his per 500 thousand dollars. After detection vulnerabilities in ON opensea specialists decided verify on the similar mistakes other sites, including rare. Representatives service already notified about availability Problems and promised in shortest terms contribute relevant changes.
Today already not rare situations, when collections NFTs stand several million. it raises interest intruders: amount incidents stable growing.
AT most cases on the primary stage attacks intruders use ordinary phishing scheme-user necessary force go on link. This link leads on the malicious NFTs, which the at startup also starts up Java Script. Further user heading off request setApprovalForAll, which the in case confirmation co sides victims opens access to his resources. Exactly from this scheme Suffered Zhou, which the lost file from collections Bored Ape.
Investigation showed, what from similar attacks may get injured and other users rare.Vulnerability, which took advantage intruders at attack on the opensea, also applicable and for rare: one transaction allows get access and to cryptocurrency, and to NFTs-files.
Specialists noted, what in basis scheme lies classical phishing, level security directly marketplace-on the second place.However then, what intruder maybe get access straightaway to everyone assets account is disadvantage architecture platforms.