ZenGo's NFT Hack Detector

Jessie A Ellis  Feb 23, 2023 17:07  UTC 09:07

A wallet security team has made a real-time dashboard available for the OpenSea marketplace. The dashboard lets community members identify, track, and monitor possible hacks of nonfungible tokens (NFTs) that use offline signatures.

The company behind the cryptocurrency wallet ZenGo says it has developed an NFT hack detector that uses a straightforward approach: it keeps a record of realized NFT trades in the NFT marketplace and compares the amount of each trade to the floor price of the NFT collection. A trade is flagged as a possible hack if the ratio between the two values is unusually low.
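The comparison described above can be sketched as follows. This is an added example, not ZenGo's code: the record fields, the sample trades and floor prices, and the 0.1 cutoff are all constructed assumptions, since the article only says the ratio must be "unusually low".

```python
from dataclasses import dataclass

# Assumed cutoff; the article does not state the threshold the dashboard uses.
RATIO_THRESHOLD = 0.1

@dataclass(frozen=True)
class Sale:
    collection: str
    token_id: int
    price_eth: float
    seller: str
    buyer: str

def flag_suspicious(sales, floor_prices, threshold=RATIO_THRESHOLD):
    """Return (sale, ratio) pairs whose price/floor ratio is below threshold,
    lowest ratio first. Sales without a usable floor price are skipped."""
    flagged = []
    for sale in sales:
        floor = floor_prices.get(sale.collection)
        if floor is None or floor <= 0:
            continue  # no reference price, so this trade cannot be judged
        ratio = sale.price_eth / floor
        if ratio < threshold:
            flagged.append((sale, ratio))
    return sorted(flagged, key=lambda pair: pair[1])

# Constructed sample data (not real trades, addresses or floor prices).
FLOORS = {"collection-a": 60.0, "collection-b": 4.0, "collection-c": 0.0}
SALES = [
    Sale("collection-a", 101, 58.5, "0xseller1", "0xbuyer1"),    # near floor
    Sale("collection-a", 102, 0.0001, "0xseller2", "0xbuyer2"),  # far below floor
    Sale("collection-b", 7, 0.3, "0xseller3", "0xbuyer2"),       # ratio 0.075
    Sale("collection-b", 8, 0.5, "0xseller4", "0xbuyer3"),       # ratio 0.125
    Sale("collection-c", 1, 0.01, "0xseller5", "0xbuyer4"),      # floor unusable
    Sale("collection-d", 9, 0.01, "0xseller6", "0xbuyer5"),      # floor unknown
]

if __name__ == "__main__":
    for sale, ratio in flag_suspicious(SALES, FLOORS):
        print(f"{sale.collection} #{sale.token_id}: {sale.price_eth} ETH "
              f"is {ratio:.4%} of floor, seller {sale.seller}")
```

A low ratio alone marks a trade for review, not as a confirmed theft, because a below-floor sale can also be a deliberate transfer between a user's own wallets.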

To begin with, in this form of hack there is no standard method for showing users the meaning of the messages they are required to sign. This means that people need to "blindly believe" the message and "blindly sign them" in order to proceed. In addition, Be'ery noted that this kind of attack affects the contracts of the platforms and suggested that platforms share some responsibility in situations like these.

Asked about possible solutions available to the community, the wallet executive said that there is presently no satisfactory one. He explained: "Users can utilize certain proprietary browser extensions that allow some access into some offline signatures. However, these extensions do not cover all offline signatures, and they need to be updated whenever a new kind of offline signature is introduced."

According to the ZenGo team, they have also begun working with the Ethereum Foundation, as well as a variety of decentralized apps and other wallets, to endorse a draft Ethereum Improvement Proposal (EIP) that, if adopted, will remedy the problem. According to Be'ery, "The EIP allows a contract to describe the exact meaning of the offline signature, such that the wallet app can display it to the user. The user can then make an informed decision as to whether or not they want to sign the offline signature, and they don't need to blindly sign."

Other organizations and individuals in the community have issued similar warnings about gasless transactions on OpenSea. The anti-theft project Harpie warned the community on December 23 about a fraud using private auctions that affects users of the NFT marketplace. That fraud also relies on users blindly approving signatures.


