image
Users of OpenSea, the world’s largest digital-collectible marketplace, have found their cryptocurrency wallets ripped off thanks to cyberattackers weaponizing security bugs that allowed them to highjack user accounts. The attacks revolved around boobytrapped art files, which circulated in the form of “free gifts.” That’s according to Check Point Research, whose researchers looked into a series of claims that cryptocurrency balances were going poof for both market shoppers and merchants. OpenSea is a peer-to-peer marketplace for virtual goods – a bit like the Etsy of non-fungible tokens (NFTs) and crypto collectibles. NFTs are a way to take reproduceable digital items such as photos, videos, audio and art files, and turn them into unique items; marketplaces use blockchain technology to establish a verified and public proof of ownership for such items. OpenSea has benefitted from the NFT boom, racking up $3.4 billion in transaction volume just in August. Cybercriminals are of course drawn to such money hubs like moths to a flame – and they have been true to form with OpenSea, according to Check Point. To uncover how the wallet-draining attacks were carried out, researchers focused on reports that they began with a target being offered a free NFT gift or a link to OpenSea Art. For instance, one victim confirmed to CPR that he interacted with an airdropped NFT object prior to the wallet theft. “So, we decided to check what will happened if we would create malicious art that…

Source