The wallet security team has released a real-time dashboard that allows community members to detect, monitor and track potential non-fungible token (NFT) hacks using offline signatures in the OpenSea marketplace.
According to To the ZenGo crypto wallet team, they created an NFT hack detector using a simple method. This includes tracking realized NFT trades in the NFT market and comparing the amount of the trade with the minimum price of the NFT collection. If the ratio between two trading values is suspiciously low, it will be flagged as a potential hack.
At the time of writing, nearly $25 million worth of NFTs have been flagged on the dashboard, hacked with offline signatures. Tal Beri, ZenGo’s CTO, also told Cryptooshala that this type of hack differs from others in two ways.
First, this type of hack does not have a generic way of showing the meaning of messages that users are supposed to sign. This means that users must “blindly trust” messages and “blindly sign them”. In addition, Beeri also explained that this type of hack involves platform contracts and argued that in these cases, the platforms share some responsibilities.
Here’s How to Prevent NFT Theft, According to Industry Professionals
When asked about possible community solutions to this problem, the wallet CEO stated that there is currently no good solution. He explained that:
“Users may use some proprietary browser extensions that provide some insight into some offline signatures, but do not cover all offline signatures and must be updated whenever a new form of offline signature is added.”
According to the ZenGo team, they have also started working with the Ethereum Foundation, various decentralized applications and other wallets to support the Ethereum Improvement Proposal (EIP) project, which fixes the problem if implemented. Beeri said:
“EIP allows the contract to describe the exact meaning of the offline signature so that the wallet application can display it to the user, and then the user can make an informed decision about whether they want to sign the offline signature or not. you don’t have to blindly sign.”
Similarly, other organizations in the community are also issuing warnings about gas-free transactions on OpenSea. On December 23, anti-theft project Harpie alerted the community to a private auction scam that threatens NFT marketplace users. Fraud also includes blind approval of signatures.
Credit : cointelegraph.com
