OpenSea closes vulnerability that could have exposed users’ personal data

The OpenSea NFT marketplace team fixed a vulnerability that threatened to expose user data. The issue was discovered by Imperva security researchers.

Imperva Red Team discovered a cross-site search vulnerability affecting the #NFT marketplace #OpenSea.

This vulnerability allows for the deanonymization of users, potentially revealing a user’s identity. https://t.co/nGQWceeGEc

— Imperva (@Imperva) March 9, 2023

Security researchers found that the bug allowed de-anonymizing users of the platform by linking an IP address, browser session data, and email to a specific NFT.

According to experts, the cause of the bug was a misconfiguration of the iFrame-resizer library. The vulnerability allowed data to be aggregated through cross-site search.

Using information returned in responses, an attacker could then send phishing links to a potential victim.

Earlier in December 2022, OpenSea became victims of an attack worth several million dollars.