{"id":547142,"date":"2023-02-03T05:09:55","date_gmt":"2023-02-03T02:09:55","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/opensea-serves-as-an-example-of-why-crypto-security-must-improve\/"},"modified":"2023-02-03T05:09:55","modified_gmt":"2023-02-03T02:09:55","slug":"opensea-serves-as-an-example-of-why-crypto-security-must-improve","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/opensea-serves-as-an-example-of-why-crypto-security-must-improve\/","title":{"rendered":"# OpenSea serves as an example of why crypto security must improve"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_OpenSea_serves_as_an_example_of_why_crypto_security_must_improve_%E2%80%9C\"><\/span>OpenSea serves as an example of why crypto security must improve<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" 
src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjMtMDEvM2JlYWZkNjYtNWQ3Zi00NDgwLTkxYTMtNmE1YmViMjQ1MzlmLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-5a4050f8>In February 2022, OpenSea fell prey to a major phishing attack that resulted in over $1.7 million in nonfungible tokens (NFTs) being stolen from users. It wasn\u2019t the only incident: Blockchain users reportedly lost $3.9 billion to fraudulent activity in 2022 alone.<\/p>\n<p>As we entered 2023, there was a chorus of promises to increase security within the crypto space. But, so far, things haven\u2019t significantly changed. Companies that utilize blockchain still aren\u2019t doing enough to prevent scams.<\/p>\n<p>If blockchain technology is going to see mass adoption, companies will have to change their approach from the bottom up. By focusing on education and implementing better processes to identify malicious activity, these platforms can better serve their customers as the space continues to grow.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Blockchain_platforms_need_to_learn_how_to_identify_malicious_activity\"><\/span>Blockchain platforms need to learn how to identify malicious activity<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>In the case of the OpenSea hack, victims were asked to sign an incomplete contract, seemingly at the platform\u2019s request. While OpenSea\u2019s core infrastructure was not hacked, the fake accounts were able to take advantage of the open-source Wyvern Protocol. 
Hackers were then able to have the owner\u2019s signature transferred to a false contract that gave them ownership of the NFTs without having to pay for them.<\/p>\n<p>OpenSea recently reversed some of its previous policies after it was <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/opensea\/status\/1486843204062236676\">reported<\/a> that 80% of NFTs minted for free on the platform were plagiarized or spam. OpenSea also relies on trust in the developers that use its API, which is not a foolproof way to assess risk. These developers could use the API for malicious purposes to take advantage of users signing contracts they don\u2019t read.<\/p>\n<p>Smart contracts are an integral part of the blockchain engine and can be found everywhere, from NFT exchanges to veritable decentralized applications. Understanding how these contracts function is imperative to keeping users secure. Rather than reinventing the wheel, companies can implement standard protocols to ensure smart contracts are resilient and protected from malicious activity. From there, companies can take advantage of the blockchain\u2019s flexible nature and customize their contracts, for example by setting up multisignature wallets and regular unit testing.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Beware_of_the_spammy_airdrop\"><\/span>Beware of the spammy airdrop<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you look for the popular Mutant Hounds collection featured on OpenSea\u2019s top collections, there is no indication of which collection is legitimate. Lack of verification can lead to counterfeit collections being formed, with prices artificially increased to make them appear legitimate, which confuses users. 
Fake collections are often distributed through airdrops, intended to be found through an NFT platform\u2019s search functionality.<\/p>\n<p>Spammy collections can also send users NFTs they did not ask for via airdrops. Users will be redirected not through the platform where they hold a collection, such as OpenSea, but via a different site, where the scam occurs.<\/p>\n<p>This is a commonplace risk that can be addressed by platforms monitoring such activity, either through a crowdsourced database that tracks fraudulent accounts or an administrative tool that knows what to look for and is constantly aware of updated scams. In addition, NFT platforms can require bids to be in the same currency as the listing to avoid confusion. Many users have been scammed by accepting an offer in a less valuable currency than the one in which they listed the NFT for sale. Blockchain platforms can rely on data to expose their outliers by flagging suspicious activity based on irregular activity among a small number of holders.<\/p>\n<p>Of course, it must be noted that companies like OpenSea are in the challenging position of having to police fraudulent accounts that mint on their platform. In many cases, it boils down to a need for more verification of the official collection.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Onboarding_is_an_integral_part_of_the_business_plan\"><\/span>Onboarding is an integral part of the business plan<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Onboarding should be a core part of the blockchain experience for veteran and novice users. Like smart contracts, establishing clear user guidelines and highlighting potential risks should be considered one of the fundamental best practices for ensuring user safety. 
These guides should be regularly reviewed, taking into account risk assessment, and adjusted accordingly as blockchain matures.<\/p>\n<p>Among experienced blockchain users, the initialism \u201cDYOR\u201d is commonplace. As an abbreviation of \u201cdo your own research,\u201d this expression has become an unspoken rule for those interacting with potential investment opportunities. Yet, it can be challenging for newcomers to know precisely where to start. There is a chorus of discordant information from influencers within the space who are often pushing the next big thing and driving risky investments, resulting in users falling victim to scams or loss of assets. Guidelines and educational materials should be readily available, curated to each platform\u2019s value system and unique risks.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Best_practices_should_be_a_priority_for_all_blockchain_platforms\"><\/span>Best practices should be a priority for all blockchain platforms<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>As the blockchain community currently works through its growing pains, companies should take the hard lessons learned via major exploits like the ones on OpenSea and refine their security protocols to ensure such exploits don\u2019t happen again. Learning the ins and outs of basic technology, from smart contracts to how to protect one\u2019s seed phrase, should be the starting point. From there, learn how to implement and maintain best practices, such as identifying malicious activity and those wreaking havoc. Perhaps all it would have taken to prevent some of the most recent large-scale hacks was simply for someone to notice that something seemed off.<\/p>\n<div>\n<div style=\"background: rgb(239, 239, 239); border: 1px solid rgb(204, 204, 204); padding: 10px;\"><strong>Michael R. Pierce<\/strong> is the co-founder and CEO of NotCommon. 
He received both his BBA and MBA from The University of Texas at Austin.<\/div>\n<\/div>\n<p class=\"post-content__disclaimer\"><em>This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed here are the author\u2019s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.<\/em><\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: 
#ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/opensea-must-become-more-ambitious-about-fighting-hackers\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; OpenSea serves as an example of why crypto security must improve &#8220; In February 2022, OpenSea fell prey to a major phishing attack that resulted in over $1.7 million in nonfungible tokens (NFTs) being stolen from users. It wasn\u2019t the only incident: Blockchain users reportedly lost $3.9 billion to fraudulent activity in 2022 alone&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":547143,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s3.cointelegraph.com\/uploads\/2023-01\/3beafd66-5d7f-4480-91a3-6a5beb24539f.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,76978,74882,133792,70375,70944,75134,72287],"class_list":["post-547142","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-cybercrime","tag-hacks","tag-opensea","tag-cybersecurity","tag-hackers","tag-phishing","tag-security"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/547142","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=547142"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/547142\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/547143"}],"wp:attachment":[{"href":"https:\/
\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=547142"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=547142"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=547142"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}