Hackers have become adept at exploiting the security vulnerabilities in these platforms, according to Check Point.
In September, the Check Point researchers noticed a lot of Twitter complaints from users of OpenSea who had suddenly lost all their holdings in their digital wallets. Vanunu and a colleague discovered that someone was posting NFT art that contained “malicious code.” If users clicked on the NFT, and accepted a “gift” from the hackers who had designed it, the code immediately cleaned out the user’s balance.
After Check Point alerted OpenSea, the company immediately fixed the vulnerability. But Vanunu was soon receiving emails from other crypto users caught in similar scams. As soon as one vulnerability was fixed, hackers discovered another.
“This is the game now,” says Vanunu.
The only way to defend against this kind of scam is to be very careful where you click.
“It’s not really the money, what hurts is the humiliation,” said…