OpenSea patches vulnerability that could have exposed users' identities

Nonfungible token (NFT) marketplace OpenSea has reportedly patched a vulnerability that, if exploited, could have exposed identifying information about its anonymous users.

In a March 9 blog post, cybersecurity firm Imperva explained how it discovered the vulnerability, which it claimed could deanonymize OpenSea users "by linking an IP address, a browser session, or an email in certain conditions" to an NFT.

Because an NFT corresponds to a cryptocurrency wallet address, a user's real identity could be revealed from the information gathered and linked to the wallet and its activity, Imperva explained.

The exploit was understood to take advantage of a cross-site search vulnerability. Imperva claimed OpenSea had misconfigured a library that resizes webpage elements that load HTML content from elsewhere, which are commonly used to place ads, interactive content, or embedded videos.

Because OpenSea did not restrict the library's communications, exploiters could use the information it broadcast as an "oracle" to narrow down when a search returned no results, since the webpage would be smaller.

Imperva explained that an attacker would send their target a link via email or SMS that, if clicked, "reveals valuable information, such as the target's IP address, user agent, device details, and software versions."

Screenshot of the OpenSea front page. Source: OpenSea

The attacker would then use OpenSea's vulnerability to extract the names of their target's NFTs and associate the corresponding wallet address with identifying data such as the email or phone number that the initial link was sent to.

Imperva said OpenSea "quickly addressed the issue" and properly restricted the library's communications, and declared the platform "not at risk of attack."
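The kind of restriction described above, as an added example that is not OpenSea's or Imperva's code: a framed page reporting its height to a parent, first answering anyone and then only allow-listed origins. It assumes the resize helper communicates over `postMessage`; the `get-size` message, the origins and all function names are hypothetical.

```javascript
// Added illustration. Origins are constructed placeholders, not real hosts.
const ALLOWED_PARENTS = new Set(["https://app.example", "https://embed.example"]);

// Weak form: replies to any requester and broadcasts to "*", so any site that
// can message the page learns its size and can use it as a side-channel oracle
// (for example, an empty search-result page is shorter than a populated one).
function handleSizeRequestWeak(event, doc, post) {
  if (event.data !== "get-size") return false;
  post({ height: doc.scrollHeight }, "*");
  return true;
}

// Restricted form: the sender's origin must be allow-listed, and the reply is
// addressed to that exact origin instead of the "*" wildcard.
function handleSizeRequest(event, doc, post, allowed = ALLOWED_PARENTS) {
  if (event.data !== "get-size") return false;
  if (!allowed.has(event.origin)) return false; // drop unknown origins silently
  post({ height: doc.scrollHeight }, event.origin);
  return true;
}

// Browser wiring; skipped when the file is run outside a browser.
if (typeof window !== "undefined" && window.parent !== window) {
  window.addEventListener("message", (e) =>
    handleSizeRequest(e, document.documentElement,
      (msg, target) => e.source.postMessage(msg, target)));
}

// Offline check: feed a constructed message event to a handler and collect
// whatever it would have posted back.
function simulate(handler, origin, height) {
  const sent = [];
  handler({ data: "get-size", origin }, { scrollHeight: height },
    (msg, target) => sent.push({ height: msg.height, target }));
  return sent;
}
```

A `frame-ancestors` Content-Security-Policy directive is a complementary control for pages that should not be framed by other sites at all.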


Users of the platform have long been victims of attacks that rely on OpenSea's functionality to work, such as phishing websites that look like the platform or signature requests that appear to come from OpenSea.

OpenSea itself has faced criticism over its platform security due to a major phishing attack in February 2022 that resulted in more than $1.7 million worth of NFTs being stolen from users.

As for the most recent vulnerability, it is not known how long it existed or whether any users were affected by the exploit.

OpenSea did not immediately respond to Cointelegraph's request for comment.