Cybersecurity firm alerts OpenSea about possible $750,000 vulnerability

By Raffaele Redi

OpenSea’s Bug Bounty program has allowed the platform to quickly address vulnerabilities

OpenSea logo displayed on a smartphone                                 
With $14.7m of NFTs traded, OpenSea is the largest NFT platform, according to DappRadar - Photo: Shutterstock
                                

Cybersecurity intelligence firm, PerkShield, signalled a possible vulnerability in the largest  NFT platform, OpenSea. However, the incident was not confirmed by the platform at the time of publishing.

According to the firm, “It appears that Opensea has a front-end issue and the exploiter gained around ETH332 or circa $750,000 at the current rate”.

The cybersecurity company did not provide any other details on the incident so far.

The Bug Bounty program

While the incident is yet to be confirmed, the intelligence firm could be entitled to receive up to $50,000, and on some occasions even more, in compensation as stated in the recent OpenSea bounty program.

According to the platform, since May 2020, over 25 vulnerabilities were resolved as reports from cybersecurities firms came to assist OpenSea to solve them.

“Since its launch, OpenSea’s Bug Bounty program has allowed us to quickly address vulnerabilities, improve our defences, and help keep our platform secure alongside our own teams’ efforts,” said Alex Atallah, co-founder of OpenSea.

“Engagement has been tremendous, and since May of 2020, we’ve resolved and paid bounty for more than 25 proven vulnerability reports”.

The OpenSea rewards

In exchange for vulnerability reports, the OpenSea platform provides rewards in a tiered model based on the severity of the issue reported.

The bounties range between $500 and $50,000, depending on the severity of the vulnerability and impact, with all bounties subject to be paid out at higher rates at the discretion of the OpenSea team depending on severity of the reported vulnerability.

“When we receive a report, we commit to responding to and triaging new bug bounty submissions in less than 4 days, issuing bounties for confirmed vulnerabilities in less than 25 days, and resolving any proven vulnerabilities as quickly as possible”.

The Security Group

OpenSea recently pioneered an open collaboration in the Web3 space to tackle security and safety challenges at the highest level, announcing the creation of a private NFT Security Group.

The NFT Security Group currently includes selected companies like: Adobe, Alchemy, Arweave, Bitski, Blockade Games, Coinbase, Foundation, Horizon Blockchain Games, Immunefi, Protocol Labs (IPFS), KnownOrigin, MakersPlace, Manifold, MetaMask, Nifty Gateway, OpenSea, Polygon, Rarible, Showtime, SuperRare, WalletConnect, Zora and 0x.

“We seek to have impact through collaboration and accountability, and we understand that consumers will always have many options when choosing their NFT and web3 platforms. Vulnerabilities across specific platforms will persist and impact the industry, unless we can tackle them together,” said OpenSea.

Further reading

The material provided on this website is for information purposes only and should not be regarded as investment research or investment advice. Any opinion that may be provided on this page is a subjective point of view of the author and does not constitute a recommendation by Currency Com Bel LLC or its partners. We do not make any endorsements or warranty on the accuracy or completeness of the information that is provided on this page. By relying on the information on this page, you acknowledge that you are acting knowingly and independently and that you accept all the risks involved.
iPhone Image
Trade the world’s top tokenised stocks, indices, commodities and currencies with the help of crypto or fiat
iMac Image
Trade the world’s top tokenised stocks, indices, commodities and currencies with the help of crypto or fiat
iMac Image