OpenSea, one of the largest non-fungible token marketplaces, was hacked once again this week.
The hack follows two other attacks, the last one occurring in June 2022, when a third-party contractor was able to download the emails of its users and newsletter subscribers and provide a copy to an unauthorized party. An earlier phishing attack in February 2022 stole hundreds of NFTs from 32 users.
open sea acknowledged the current incident in a tweet sent out over the weekend on X/Twitter saying that application programming interface keys may have been compromised. The company recommended replacing the existing keys, which are set to automatically expire on October 2, with new keys. The company did not provide any other details.
“It’s a bad design,” said Jason Kent, resident hacker at Sequence Security. “If the data repository is accessible and the keys are compromised then a perfect storm exists where the data can be acquired by a malicious third party. It is extremely important to rotate these keys, this should happen early and often.
Coinciding with the OpenSea breach was an attack on crypto analytics vendor Nansen, which Violations also disclosed On its Corporate X account. The breach occurred last Wednesday and the company recommended changing passwords for all accounts. Apart from the timing, the methods of attack of the two breaches differ, as far as can be determined from their public statements. There has been no official announcement linking the two breaches.
Crypto-related attacks have increased due to the settlement of LastPass US LP master vault passwords in late 2022. Security blogger Brian Krebs has been tracking that breach and recently reported that the equivalent of over $35 million in crypto assets from 150 users were stolen due to this breach. He cites research that indicates its vault passwords were cracked to obtain the private keys to their crypto accounts.
In the early NFT days, OpenSea was the market leader, but its share has dropped to about a third of all NFT trading volume.
Image: OpenSEA
Your support vote is important to us and helps us keep the content free.
The one-click below supports our mission to provide free, in-depth and relevant content.
Join a community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies Founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many other luminaries and experts.
“theCUBE is an important partner for the industry. You guys are really a part of our events and we really appreciate you coming and I know people also appreciate the content you create” – Andy Jesse
Thank you
Source: siliconangle.com
