- Changes on NFT’s Exchange OpenSea
- Circle Partners with Cross River
Changes on NFT’s Exchange OpenSea
The nonfungible token (NFT) exchange OpenSea has patched a security hole that, if exploited, might have uncovered private data about its unidentified users.
According to a Mar 9th report from the cybersecurity company Imperva, the vulnerability was found. In some circumstances, it might have revealed OpenSea end users by connecting an Internet Protocol (IP) address, a web activity, and an email address to a nonfungible token.
According to Imperva, attackers exposed users’ data based on acquired data tied to the exchange and its operations because an NFT is linked to a crypto exchange address.
According to sources, the attack abused a system flaw in OpenSea that allowed cross-site scripting. OpenSea had improperly configured a library used for scaling website components that import HTML material from other sources, such as adverts, collective features, or placed films, according to cybersecurity company Imperva.
Attackers might use the information this library transmitted as an “oracle” to focus their efforts when searches produced no hits because OpenSea did not impose any restrictions on contact with it.
Imperva went on to say that attackers could send their victims a link via an SMS or email that, when clicked, would reveal important characteristics about the target, including their IP address, software acting on behalf of users, software components, and appliance specifications.
Attackers that produce phishing URLs that mimic the OpenSea platform or make signature demands that seem to come from OpenSea have targeted the platform.
The site has come under fire for security after over $1.7 million NFTs were stolen from customers due to a phishing attempt in Feb 2022. However, it’s unclear how long the flaw persisted or whether the exploit impacted any users after the latest patch.
Circle Partners with Cross River
Circle, a significant cryptocurrency corporation, went through a crisis over the weekend as the value of its USDC stablecoin against the US dollar fell under 90 cents. However, several steps banks and authorities took eventually helped regain public trust in the token. By Sunday night, USDC rebounded and was traded at a price almost identical to that of the USD.
Late Sunday evening, Circle announced that the $3.3 billion in SVB funds that comprised the reserves supporting the USDC stablecoin remained secure and that traders might exchange the token at a 1:1 ratio with the US dollar.
Circle also disclosed the addition of Cross River Bank as a new commercial banking partner for the production and redemption of USDC. Fintech enterprises and well-known corporations such as Coinbase and Visa frequently use the banking services offered by Cross River Bank.
The company also disclosed other “extended collaborations” for USDC redemptions, including BNY Mellon, which already offers custodial functions for Circle’s reserves.
In addition, Circle’s release indicated that it was unaffected by Silvergate, a cryptocurrency-friendly bank that on Sunday announced its liquidation as part of a federal regulatory acquisition procedure.
The sudden failure of Silicon Valley Bank (SVB), one of the largest banks in the United States and a financial pillar of the venture and capital industries, was the primary cause of the USDC crisis over the weekend.
Several businesses, including Circle, panicked when SVB collapsed because they could not access deposits worth billions of dollars. However, Federal Reserve calmed the markets on Sunday after it declared that depositors at SVB would receive full compensation.