Imperva, a cybersecurity firm, found vulnerabilities on the OpenSea platform that could leak user information such as phone numbers and email addresses. In a blog post on 9th March, the firm described how the vulnerability was discovered. It said that, under certain conditions, it linked an IP address, an email address and a browser session.
Because an NFT stays with a crypto wallet address, a user's real identity can be revealed from all the information collected and linked to the activity in that wallet. According to the firm, exploits can take advantage of a search vulnerability in OpenSea. Imperva claims that OpenSea has a misconfiguration in its library that resizes the elements of a webpage to load content from other places. This content is mostly interactive content and ads.
OpenSea Patched Vulnerability:
However, because OpenSea is not restricting the library's communications, attackers can use this information to find the user and their personal information. Imperva also outlined that an attacker would send targeted links via email and SMS that, when clicked, reveal valuable information such as IP addresses and more.
The attacker can then use this OpenSea vulnerability to extract almost anything they need to know about the NFT wallet holder. Imperva said that the NFT firm will address the issue instantly and will restrict the library's communications so that its users are safe.
OpenSea has already faced criticism from other websites for weak platform security measures that attract major phishing attacks. As for the latest patch, it is hard to know whether users have been affected by these exploits.