Because cryptocurrencies are unregulated in many countries, consumer wallets are an attractive target for cybercriminals. Lately, several reports have claimed that digital wallets belonging to different buyers have disappeared, causing collectors to lose hundreds of thousands of dollars in NFTs. The reports speculated that the attack could begin after the victim received a message with a free gift from a stranger, or a link to OpenSea.
The reports also theorized that by accepting the gift or clicking the link to OpenSea, the recipient would lose all their cryptocurrencies. This case, along with other reported scams in this market, motivated researchers to look for vulnerabilities in the platform that could have allowed cybercriminals to hijack accounts and steal cryptocurrencies from digital wallets.
Researchers at Check Point Research identified critical security flaws in OpenSea, showing that a malicious NFT could be used to hijack accounts and steal these wallets. Successful exploitation of the vulnerabilities would have required the following steps:
- The attacker creates and gifts a malicious NFT to the victim.
- The victim sees the malicious NFT, which triggers a pop-up from the OpenSea storage domain, requesting connection to the cryptocurrency wallet (these types of pop-ups are common on the platform in other activities).
- The victim clicks to connect their wallet in order to perform an action on the gifted NFT, thus allowing access to the wallet.
- The cybercriminal can get the money from the wallet by triggering an additional pop-up window, which is also sent from the OpenSea storage domain. The user can be expected to click on the pop-up window if they do not notice the note in it that describes the transaction.
- The end result could be the theft of the user’s entire cryptocurrency portfolio.
“Our interest in OpenSea arose when we saw that there was talk of stolen cryptocurrency wallets on the Internet. We speculated about the existence of an attack method around OpenSea, so we started a thorough investigation of the platform. The result was the discovery of a method of stealing users’ crypto wallets, simply by sending a malicious NFT through it. We immediately and responsibly disclosed our findings to OpenSea, who quickly worked with us to deploy a solution. I believe the data from our research, and OpenSea’s quick action will prevent the theft of users’ cryptocurrency wallets,” explains Oded Vanunu, Head of Product Vulnerability Research at Check Point Software.
“Blockchain innovation is in full swing and NFTs are here to stay. Given the enormous pace of innovation, there is an inherent challenge in the secure integration of software applications and cryptocurrency markets. The cybersecurity community must step forward to help pioneering blockchain technologies protect crypto assets from consumers. We seriously warn the OpenSea community to be on the lookout for suspicious activity that could lead to theft,” Vanunu concludes.
Check Point Research (CPR) immediately and responsibly communicated its findings to OpenSea on Sunday, September 26, 2021. Less than an hour after notification, OpenSea fixed the problem and verified the solution. CPR worked closely and collaboratively with the OpenSea team to ensure that the solution worked properly. OpenSea was very responsive and shared the SVG files containing iframe objects from its storage domain, so that CPR could review them together and make sure all attack vectors were closed.
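The review described above concerned SVG files that contained iframe objects and were served from the platform's storage domain. As an added illustration (not code from CPR or OpenSea), the following sketch audits an uploaded SVG for active content before it is served; the function name, the element list and the sample files are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

# Elements that let an SVG load or run active content (assumed list for this example).
ACTIVE_ELEMENTS = {"script", "iframe", "foreignobject", "object", "embed"}
URL_ATTRS = {"href", "src"}
BAD_SCHEMES = ("javascript:", "data:text/html")


def local(name):
    """Strip an XML namespace and lowercase: '{ns}Tag' -> 'tag'."""
    return name.rsplit("}", 1)[-1].lower()


def audit_svg(data):
    """Return a list of findings; an empty list means no active content was seen."""
    upper = data.upper()
    # DTDs enable entity-expansion tricks, so refuse them instead of parsing.
    if b"<!DOCTYPE" in upper or b"<!ENTITY" in upper:
        return ["doctype-or-entity"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"element:{tag}")
        for name, value in el.attrib.items():
            attr = local(name)
            if attr.startswith("on"):  # onload, onclick, ...
                findings.append(f"handler:{attr}")
            elif attr in URL_ATTRS and value.strip().lower().startswith(BAD_SCHEMES):
                findings.append(f"url:{attr}")
    return findings


# Constructed sample inputs (not taken from the research).
SAMPLE_BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SAMPLE_ACTIVE = (
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="x()"><foreignObject>'
    b'<iframe xmlns="http://www.w3.org/1999/xhtml" src="https://example.invalid/"/>'
    b"</foreignObject></svg>"
)

if __name__ == "__main__":
    print(audit_svg(SAMPLE_BENIGN))
    print(audit_svg(SAMPLE_ACTIVE))
```

A non-empty result means the file should be rejected or rendered only as a static image rather than served as a document from the platform's own domain.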
OpenSea statement:
“Security is critical to OpenSea. We appreciated that the CPR team informed us of this vulnerability and collaborated with us as we investigated the case and implemented a solution within an hour of it being reported to us. These attacks relied on users authorizing malicious activity through a third-party wallet provider, connecting your wallet by providing a signature for the malicious transaction. We have not been able to identify any case in which this vulnerability has been exploited, but we are acting directly with third-party wallets that integrate on our platform to help users better identify malicious signature requests, as well as other initiatives so that users can thwart scams and phishing attacks more effectively. We are also stepping up community education around best security practices and we have launched a series of posts in the blog on how to stay safe on the web. We encourage both new members and veterans to read this series. Our goal is to empower the community to detect, mitigate and report attacks in the blockchain ecosystem, such as the one demonstrated by CPR.”
How to protect yourself against these cyberattacks
Researchers at Check Point Research recommend extreme caution when receiving requests to sign with your wallet online. Before approving a request, you should carefully review what is being requested and consider whether the request is abnormal or suspicious. If you have any doubts, it is advisable to reject the request and examine it more thoroughly before giving such authorization.

David William is a talented author who has made a name for himself in the world of writing. He is a professional author who writes on a wide range of topics, from general interest to opinion news. David is currently working as a writer at 24 hours worlds where he brings his unique perspective and in-depth research to his articles, making them both informative and engaging.