
OpenSea serves as an example of why crypto security must improve


For cryptocurrency to achieve mass adoption, breaches that can be easily prevented — like the phishing attack that resulted in OpenSea losing $1.7 million — need to end.

In February 2022, OpenSea fell prey to a major phishing attack that resulted in over $1.7 million in nonfungible tokens (NFTs) being stolen from users. It wasn’t the only incident: Blockchain users reportedly lost $3.9 billion to fraudulent activity in 2022 alone.

As we entered 2023, there was a chorus of promises to increase security within the crypto space. But, so far, things haven’t significantly changed. Companies that utilize blockchain still aren’t doing enough to prevent scams.

If blockchain technology is going to see mass adoption, companies will have to change their approach from the bottom up. By focusing on education and implementing better processes to identify malicious activity, these platforms can better serve their customers as the space continues to grow.

Blockchain platforms need to learn how to identify malicious activity

In the case of the OpenSea hack, victims were asked to sign an incomplete contract, seemingly at the platform’s request. While OpenSea’s core infrastructure was not hacked, the fake accounts were able to take advantage of the open-source Wyvern Protocol. Hackers were then able to transfer the owner’s signature to a false contract that gave them ownership without having to pay for the NFTs.


OpenSea recently reversed some of its previous policies after it was reported that 80% of NFTs minted for free on the platform were plagiarized or spam. OpenSea also relies on trust in the developers that use its API, which is not a foolproof way to assess risk. These developers could use the API for malicious purposes to take advantage of users signing contracts they don’t read.

Smart contracts are an integral part of the blockchain engine and can be found everywhere, from NFT exchanges to veritable decentralized applications. Understanding how these contracts function is imperative to keeping users secure. Rather than reinventing the wheel, companies can implement standard protocols to ensure smart contracts are resilient and protected from malicious activity. From there, companies can take advantage of the blockchain’s flexible nature and customize their contracts, for example by setting up multisignature wallets and regular unit testing.

Beware of the spammy airdrop

If you look for the popular Mutant Hounds collection featured on OpenSea’s top collections, there is no indication of which collection is legitimate. Lack of verification can lead to counterfeit collections being formed, with prices artificially increased to make them appear legitimate, which confuses users. Fake collections are often distributed through airdrops, intended to be found through an NFT platform’s search functionality.


Spammy collections can also send users NFTs they did not ask for via airdrops. Users will be redirected not through the platform where they hold a collection, such as OpenSea, but via a different site, where the scam occurs.

This is a commonplace risk that can be addressed by platforms monitoring such activity, either through a crowdsourced database that tracks fraudulent accounts or an administrative tool that knows what to look for and is constantly aware of updated scams. In addition, NFT platforms can require bids to be in the same currency as the listing to avoid confusion. Many users have been scammed by accepting an offer in a less valuable currency than the one in which they listed the NFT for sale. Blockchain platforms can rely on data to expose their outliers by flagging suspicious activity based on irregular activity among a small number of holders.
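The two platform-side checks described above, sketched as an added example that is not part of the original article or any marketplace's code: rejecting offers whose currency differs from the listing, and flagging collections whose sales stay within a small number of wallets. All field names, wallet labels, sample records and thresholds are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample data; every field name and wallet label is an assumption.
LISTING = {"token": "demo-1", "currency": "ETH", "price": 2.0}
OFFERS = [
    {"bidder": "w1", "currency": "ETH", "amount": 1.8},
    {"bidder": "w2", "currency": "USDC", "amount": 1.8},  # same number, other currency
    {"bidder": "w3", "currency": "eth", "amount": 2.1},
]
SALES = [  # (collection, seller, buyer)
    ("collection-a", "wA", "wB"), ("collection-a", "wB", "wC"),
    ("collection-a", "wC", "wA"), ("collection-a", "wA", "wB"),
    ("collection-a", "wB", "wA"), ("collection-a", "wC", "wB"),
    ("collection-b", "u1", "u2"), ("collection-b", "u3", "u4"),
    ("collection-b", "u5", "u6"), ("collection-b", "u7", "u8"),
    ("collection-b", "u9", "u10"), ("collection-b", "u2", "u11"),
    ("collection-c", "x1", "x2"),
]

def split_offers_by_currency(listing, offers):
    """Return (accepted, rejected): offers must use the listing's currency."""
    want = listing["currency"].strip().upper()
    accepted, rejected = [], []
    for offer in offers:
        same = offer["currency"].strip().upper() == want
        (accepted if same else rejected).append(offer)
    return accepted, rejected

def flag_concentrated_collections(sales, min_sales=5, top_n=3, threshold=0.8):
    """Flag collections whose sales mostly stay inside the top_n busiest wallets."""
    by_collection = defaultdict(list)
    for collection, seller, buyer in sales:
        by_collection[collection].append((seller, buyer))
    flagged = {}
    for collection, trades in by_collection.items():
        if len(trades) < min_sales:
            continue  # too little history to judge
        activity = Counter(wallet for trade in trades for wallet in trade)
        core = {wallet for wallet, _ in activity.most_common(top_n)}
        inside = sum(1 for s, b in trades if s in core and b in core)
        ratio = inside / len(trades)
        if ratio >= threshold:
            flagged[collection] = round(ratio, 2)
    return flagged

if __name__ == "__main__":
    accepted, rejected = split_offers_by_currency(LISTING, OFFERS)
    print("rejected offers:", [o["bidder"] for o in rejected])
    print("flagged collections:", flag_concentrated_collections(SALES))
```

A flag here is a prompt for manual review, not proof of fraud; a real deployment would tune the thresholds against its own sales history.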

Of course, it must be noted that companies like OpenSea are in the challenging position of having to police fraudulent accounts that mint on their platform. In many cases, it boils down to a need for more verification of the official collection.

Onboarding is an integral part of the business plan

Onboarding should be a core part of the blockchain experience for veteran and novice users. Like smart contracts, establishing clear user guidelines and highlighting potential risks should be considered one of the fundamental best practices for ensuring user safety. These guides should be regularly reviewed, taking into account risk assessment, and adjusted accordingly as blockchain matures.

The initialism “DYOR” is commonplace among experienced users on the blockchain. As an abbreviation of “do your own research,” this expression has become an unspoken rule for those interacting with potential investment opportunities. Yet, it can be challenging for newcomers to know precisely where to start. There is a chorus of discordant information from influencers within the space who are often pushing the next big thing and driving risky investments, resulting in users falling victim to scams or loss of assets. Guidelines and educational materials should be readily available, curated to each platform’s value system and unique risks.

Best practices should be a priority for all blockchain platforms

As the blockchain community works through its growing pains, companies should take the hard lessons learned via major exploits like the ones on OpenSea and refine their security protocols to ensure they don’t happen again. Learning the ins and outs of basic technology, from smart contracts to how to protect one’s seed phrase, should be the starting point. From there, learn how to implement and maintain best practices, such as identifying malicious activity and those wreaking havoc. Perhaps all it would have taken to prevent some of the most recent large-scale hacks was simply for someone to notice that something seemed off.

Michael R. Pierce is the co-founder and CEO of NotCommon. He received both his BBA and MBA from The University of Texas at Austin.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.



  • 08.10.23 01:30 davec8080

    The "Shibarium for this confirmed rug pull is a BEP-20 project not related at all to Shibarium, SHIB, BONE or LEASH. The Plot Thickens. Someone posted the actual transactions!!!! It seems the article is true!!!! And it's also FUD. Let me explain. Check this link: So there really is a "Shibarium" token. And somebody did a rug pull with it. CONFIRMED. But the "Shibarium" token for this confirmed rug pull is a BEP-20 project not related at all to Shibarium, SHIB, BONE or LEASH.
