{"id":555117,"date":"2023-02-22T17:00:00","date_gmt":"2023-02-22T14:00:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/security-team-creates-dashboard-to-detect-potential-nft-hacks-in-opensea\/"},"modified":"2023-02-22T17:00:00","modified_gmt":"2023-02-22T14:00:00","slug":"security-team-creates-dashboard-to-detect-potential-nft-hacks-in-opensea","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/security-team-creates-dashboard-to-detect-potential-nft-hacks-in-opensea\/","title":{"rendered":"# Security team creates dashboard to detect potential NFT hacks in OpenSea"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2d4c616bc5b\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2d4c616bc5b\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/security-team-creates-dashboard-to-detect-potential-nft-hacks-in-opensea\/#%E2%80%9D_Security_team_creates_dashboard_to_detect_potential_NFT_hacks_in_OpenSea_%E2%80%9C\" >&#8221; Security team creates dashboard to detect potential NFT hacks in OpenSea &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Security_team_creates_dashboard_to_detect_potential_NFT_hacks_in_OpenSea_%E2%80%9C\"><\/span>&#8221; Security team creates dashboard to detect potential NFT hacks in OpenSea &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-48054ca8>A wallet security team released a real-time dashboard that lets community members detect, track and monitor potential nonfungible token (NFT) hacks using offline signatures in the OpenSea marketplace.\u00a0<\/p>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/zengo.com\/offline-signatures-can-drain-your-wallet-the-north-korean-connection-part-4-4\/\">According<\/a> to the team behind crypto wallet ZenGo, they created an NFT hack detector using a simple method. This includes tracking realized NFT trades in the NFT marketplace and comparing the trade amount of the NFT collection\u2019s floor price. If the ratio between the two trade values is suspiciously low, it will get flagged as a potential hack. <\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/aaf08e08-4dd7-4ef0-9c18-c88169cc0101.png\"><figcaption style=\"text-align: center;\"><em>ZenGo wallet dashboard for detecting NFT hacks. Source: Dune Analytics<\/em><\/figcaption><\/figure>\n<p>At the time of writing, the dashboard flagged almost $25 million worth of NFTs hacked through offline signatures. Tal Be\u2019ery, the chief <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a> officer of ZenGo, also told Cointelegraph that this type of hack differs from others in two ways.\u00a0<\/p>\n<p>First, this type of hack does not have a <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/general\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"General\" target=\"_blank\" rel=\"noopener\">general<\/a> way of showing the meaning of the messages users must sign. This means that users must \u201cblindly trust\u201d the message and \u201cblindly sign them.\u201c In addition, Be\u2019ery also explained that this type of hack involves platforms\u2019 contracts and argued that platforms share some responsibilities in these cases. <\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>Here\u2019s how to prevent NFT theft, according to industry professionals<\/em><\/strong><\/p>\n<p>When asked about potential solutions for this problem within the community, the wallet executive claimed there\u2019s currently no good solution. He explained that: <\/p>\n<blockquote><p>\u201cUsers can use some proprietary browser extensions that give some visibility into some offline signatures, but does not cover all offline signatures and needs to be updated whenever a new form of offline signature is added.\u201d<\/p><\/blockquote>\n<p>According to the ZenGo team, they\u2019ve also started working with the Ethereum Foundation, various decentralized <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>lications, and other wallets to support a draft Ethereum Improvement Proposal (EIP) that fixes the issue if implemented. Be\u2019ery said: <\/p>\n<blockquote><p>\u201cThe EIP allows a contract to describe the exact meaning of the offline signature, such that the wallet app can display it to the user and then the user can make an informed decision on whether or not they want to sign the offline signature and don\u2019t need to blindly sign.\u201d<\/p><\/blockquote>\n<p>Similarly, the other entities within the community have also been issuing warnings over gasless transactions on OpenSea. On Dec. 23, anti-theft project Harpie warned the community about a private auction scam that threatens users of the NFT marketplace. The scam also involves blindly approving signatures. <\/p>\n<p><template data-name=\"subscription_form\" data-type=\"nifty_newsletter\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/security-team-creates-dashboard-to-detect-potential-nft-hacks-in-opensea\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Security team creates dashboard to detect potential NFT hacks in OpenSea &#8220; A wallet security team released a real-time dashboard that lets community members detect, track and monitor potential nonfungible token (NFT) hacks using offline signatures in the OpenSea marketplace.\u00a0 According to the team behind crypto wallet ZenGo, they created an NFT hack detector&#8230;<\/p>\n","protected":false},"author":1,"featured_media":555118,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/ba467cda-5caf-40da-a2db-9979599a4634.JPG","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74891,74882,95118,70375,70944,72287],"class_list":["post-555117","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-ethereum","tag-hacks","tag-nft","tag-cybersecurity","tag-hackers","tag-security"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/555117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=555117"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/555117\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/555118"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=555117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=555117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=555117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}