Security team creates dashboard to detect potential NFT hacks on OpenSea
A wallet security team launched a real-time dashboard that allows community members to detect, track and monitor potential hacking of non-fungible tokens (NFTs) using offline signatures on the OpenSea marketplace.
According to the team behind the crypto wallet ZenGo, they built the NFT hack detector using a simple method: it tracks realized NFT trades on the marketplace and compares each trade amount to the NFT collection’s floor price. If the ratio of the two values is suspiciously low, the trade is flagged as a potential hack.
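The floor-price comparison described above, sketched as an added example (not ZenGo's code). The 10% cutoff, the record fields and all sample trades are assumptions constructed for illustration, since the article gives no threshold.

```python
from dataclasses import dataclass
from decimal import Decimal

# Assumed cutoff: the article only says "suspiciously low" and gives no number.
SUSPICIOUS_RATIO = Decimal("0.10")

@dataclass(frozen=True)
class Trade:
    tx: str             # constructed transaction label
    collection: str
    seller: str
    buyer: str
    price_eth: Decimal  # amount actually paid in the realized trade

def flag_trades(trades, floors, threshold=SUSPICIOUS_RATIO):
    """Return (flagged, skipped): trades priced far below floor, and trades
    that cannot be scored because no usable floor price is known."""
    flagged, skipped = [], []
    for t in trades:
        floor = floors.get(t.collection)
        if floor is None or floor <= 0:
            skipped.append(t)  # no baseline: report it instead of guessing
            continue
        ratio = t.price_eth / floor
        if ratio < threshold:
            flagged.append({"trade": t, "ratio": ratio,
                            "est_loss_eth": floor - t.price_eth})
    return flagged, skipped

def loss_by_buyer(flagged):
    """Sum estimated loss per receiving wallet so repeat recipients stand out."""
    totals = {}
    for f in flagged:
        buyer = f["trade"].buyer
        totals[buyer] = totals.get(buyer, Decimal(0)) + f["est_loss_eth"]
    return totals

# Constructed sample data (not real trades, collections or addresses).
FLOORS = {"alpha-apes": Decimal("10"), "beta-birds": Decimal("2")}
TRADES = [
    Trade("tx1", "alpha-apes", "0xSellerA", "0xBuyerX", Decimal("9.5")),
    Trade("tx2", "alpha-apes", "0xSellerB", "0xBuyerZ", Decimal("0")),
    Trade("tx3", "beta-birds", "0xSellerC", "0xBuyerZ", Decimal("0.01")),
    Trade("tx4", "gamma-goats", "0xSellerD", "0xBuyerY", Decimal("0.5")),
]

if __name__ == "__main__":
    flagged, skipped = flag_trades(TRADES, FLOORS)
    for f in flagged:
        print(f["trade"].tx, f"ratio={f['ratio']:.3f}", f"loss~{f['est_loss_eth']} ETH")
    print("unscored:", [t.tx for t in skipped])
    print("by buyer:", loss_by_buyer(flagged))
```

A flagged trade is only a candidate for review: a low ratio can also come from a stale floor price or a transfer between an owner's own wallets.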
At the time of writing, the dashboard was flagging nearly $25 million worth of NFTs hacked through offline signatures. Tal Be’ery, the chief technology officer of ZenGo, also told Cointelegraph that this type of hack differs from others in two ways.
First, there is no general way to show users the meaning of the messages they have to sign. This means users have to trust the message and sign it blindly. In addition, Be’ery explained that this type of hack involves platforms’ contracts and argued that platforms share some responsibility in these cases.
When asked about possible solutions to this problem, the ZenGo executive claimed that there is currently no good solution. He explained that:
“Users can use some proprietary browser extensions that provide some visibility to some offline signatures, but do not cover all offline signatures and must be updated each time a new form of offline signature is added.”
According to the ZenGo team, they have also started working with the Ethereum Foundation, various decentralized applications and other wallets to support a draft Ethereum Improvement Proposal (EIP) that fixes the issue if implemented. Be’ery said:
“EIP allows a contract to describe the exact meaning of the offline signature so that the wallet app can show it to the user and then the user can make an informed decision about whether they want to sign the offline signature and not have to sign blindly.”
Similarly, other entities in the community have also issued warnings about gas-free transactions on OpenSea. On December 23, the anti-theft project Harpie warned the community about a private auction scam threatening users of the NFT marketplace. The scam also involves blindly approving signatures.