The team flagged almost $25 million worth of NFTs hacked through offline signatures at the time of writing.
1162 Total views
22 Total shares
Own this piece of history
Collect this article as an NFT
A wallet security team released a real-time dashboard that lets community members detect, track and monitor potential nonfungible token (NFT) hacks using offline signatures in the OpenSea marketplace.
According to the team behind crypto wallet ZenGo, they created an NFT hack detector using a simple method. This includes tracking realized NFT trades in the NFT marketplace and comparing the trade amount of the NFT collection’s floor price. If the ratio between the two trade values is suspiciously low, it will get flagged as a potential hack.
At the time of writing, the dashboard flagged almost $25 million worth of NFTs hacked through offline signatures. Tal Be’ery, the chief technology officer of ZenGo, also told Cointelegraph that this type of hack differs from others in two ways.
First, this type of hack does not have a general way of showing the meaning of the messages users must sign. This means that users must “blindly trust” the message and “blindly sign them.“ In addition, Be’ery also explained that this type of hack involves platforms’ contracts and argued that platforms share some responsibilities in these cases.
Related: Here’s how to prevent NFT theft, according to industry professionals
When asked about potential solutions for this problem within the community, the wallet executive claimed there’s currently no good solution. He explained that:
“Users can use some proprietary browser extensions that give some visibility into some offline signatures, but does not cover all offline signatures and needs to be updated whenever a new form of offline signature is added.”
According to the ZenGo team, they’ve also started working with the Ethereum Foundation, various decentralized applications, and other wallets to support a draft Ethereum Improvement Proposal (EIP) that fixes the issue if implemented. Be’ery said:
“The EIP allows a contract to describe the exact meaning of the offline signature, such that the wallet app can display it to the user and then the user can make an informed decision on whether or not they want to sign the offline signature and don’t need to blindly sign.”
Similarly, the other entities within the community have also been issuing warnings over gasless transactions on OpenSea. On Dec. 23, anti-theft project Harpie warned the community about a private auction scam that threatens users of the NFT marketplace. The scam also involves blindly approving signatures.