Share this article
OpenSea Says It Patched an NFT Phishing Vulnerability
The NFT marketplace said it fixed the loophole as soon as it was notified by a security firm and no accounts were compromised.
Updated May 11, 2023, 5:46 p.m. Published Oct 13, 2021, 8:58 p.m.
OpenSea, a popular marketplace for non-fungible tokens, has closed an NFT phishing loophole discovered by Check Point Research, a division of publicly traded security firm Check Point Software Technologies.
- Check Point wrote about the discovery in a blog post on Wednesday and outlined the scam in a video, saying that clicking pop-ups associated with malicious, airdropped NFTs could have provided access to customers’ wallets.
- The company said that it notified OpenSea of the vulnerability on Sept. 26 and that OpenSea fixed the issue and verified the fix within an hour.
- “It’s important to note had an attacker attempted to take advantage of this flaw, the end user would have needed to approve the malicious transaction through a wallet signature,” OpenSea wrote in its own blog post about the issue on Wednesday. It said it hadn’t been able to identify any instances where the vulnerability was exploited.
- The phishing attack is a common tactic in the world of NFTs – thieves will send fishy tokens to public addresses on the Ethereum blockchain and wait for users to interact with them.
- Scams are still pervasive on the platform, and throughout crypto in general, as CoinDesk outlined in this piece on NFT phishing schemes.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Cascade Unveils 24/7 Neo-Brokerage Offering Perpetuals on Cryptos, U.S. Stocks
The platform will let retail traders use one margin account to trade round-the-clock perpetual markets.
What to know:
- Cascade has introduced a 24/7 brokerage-style app for perpetual markets spanning crypto, U.S. equities and private-asset exposure.
- The firm is pitching a single, unified margin account with direct-to-bank U.S. dollar capability for deposits and withdrawals.
- The company has raised $15 million from investors including Polychain Capital, Variant and Coinbase Ventures.
Top Stories
