Security team creates dashboard to detect potential NFT hacks in OpenSea

1 year ago

The team flagged about $25 million worth of NFTs hacked through offline signatures at the time of writing.


A wallet security team released a real-time dashboard that lets community members detect, track and monitor potential nonfungible token (NFT) hacks using offline signatures in the OpenSea marketplace.

According to the team behind crypto wallet ZenGo, they created an NFT hack detector using a simple method. This includes tracking realized NFT trades in the NFT marketplace and comparing the trade amount with the NFT collection’s floor price. If the ratio between the two values is suspiciously low, the trade gets flagged as a potential hack.

ZenGo wallet dashboard for detecting NFT hacks. Source: Dune Analytics
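The ratio check described above, as an added example that is not ZenGo's dashboard code. The 0.1 cutoff, the `Trade` record, the loss estimate and all sample trades and floor prices are constructed assumptions; the article does not state the threshold the dashboard uses.

```python
from dataclasses import dataclass
from decimal import Decimal

# Assumption: the article gives no cutoff for "suspiciously low"; 0.1 is illustrative.
RATIO_THRESHOLD = Decimal("0.1")

@dataclass(frozen=True)
class Trade:
    tx_id: str          # constructed identifier, not a real transaction hash
    collection: str
    price_eth: Decimal  # realized sale price

def flag_suspicious(trades, floor_prices, threshold=RATIO_THRESHOLD):
    """Return (flagged, skipped): trades whose price/floor ratio is below the
    threshold, and trades that cannot be scored for lack of a usable floor."""
    flagged, skipped = [], []
    for t in trades:
        floor = floor_prices.get(t.collection)
        if floor is None or floor <= 0:
            skipped.append(t)  # never divide by a missing or zero floor price
            continue
        ratio = t.price_eth / floor
        if ratio < threshold:
            flagged.append((t, ratio))
    return flagged, skipped

def estimated_loss_eth(flagged, floor_prices):
    """Value each flagged NFT at floor, minus what the seller actually received."""
    return sum((floor_prices[t.collection] - t.price_eth for t, _ in flagged),
               Decimal(0))

# Constructed sample data: per-collection floor prices and realized trades.
FLOORS = {"collection-a": Decimal("60"), "collection-b": Decimal("50"),
          "collection-c": Decimal("0")}
TRADES = [
    Trade("tx-1", "collection-a", Decimal("62")),   # near floor: normal
    Trade("tx-2", "collection-a", Decimal("0.5")),  # far below floor: flagged
    Trade("tx-3", "collection-b", Decimal("0")),    # zero-price sale: flagged
    Trade("tx-4", "collection-b", Decimal("45")),   # modest discount: normal
    Trade("tx-5", "collection-c", Decimal("1")),    # zero floor: skipped
    Trade("tx-6", "collection-d", Decimal("2")),    # unknown floor: skipped
]

if __name__ == "__main__":
    hits, unscored = flag_suspicious(TRADES, FLOORS)
    for trade, ratio in hits:
        print(f"{trade.tx_id} {trade.collection} ratio={ratio:.4f}")
    print("estimated loss (ETH):", estimated_loss_eth(hits, FLOORS))
    print("unscored:", [t.tx_id for t in unscored])
```

A flag is only a lead for review: the ratio alone cannot tell a theft from a deliberate low-price sale.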

At the time of writing, the dashboard flagged about $25 million worth of NFTs hacked through offline signatures. Tal Be’ery, the chief technology officer of ZenGo, also told Cointelegraph that this kind of hack differs from others in two ways.

First, this kind of hack does not have a clear way of showing the meaning of the messages users must sign. This means that users must “blindly trust” the message and “blindly sign them.” In addition, Be’ery also explained that this kind of hack involves platforms’ contracts and argued that platforms share some responsibilities in these cases.


When asked about potential solutions for this problem within the community, the wallet executive claimed there’s currently no good solution. He explained that:

“Users can use some proprietary browser extensions that give some visibility into some offline signatures, but does not cover all offline signatures and needs to be updated whenever a new form of offline signature is added.”

According to the ZenGo team, they’ve also started working with the Ethereum Foundation, various decentralized applications, and other wallets to support a draft Ethereum Improvement Proposal (EIP) that fixes the issue if implemented. Be’ery said:

“The EIP allows a contract to describe the exact meaning of the offline signature, such that the wallet app can show it to the user and then the user can make an informed decision on whether or not they want to sign the offline signature and don’t need to blindly sign.”

Similarly, other entities within the community have also been issuing warnings over gasless transactions on OpenSea. On Dec. 23, anti-theft project Harpie warned the community about a private auction scam that threatens users of the NFT marketplace. The scam also involves blindly approving signatures.
