Warning Issued by Pocket Universe Regarding NFT Theft Vulnerability


Web3 security company Pocket Universe has reportedly warned on social media that hackers may steal NFTs by exploiting a Blur signature vulnerability. The scam uses a forged signature request to drain the NFTs in a user’s wallet: the victim is induced to sign a transaction “selling NFTs in bulk at a price of 0 ETH”. However, the Blur batch listing always contains a message that is unreadable. As a result, users do not know what they are signing and the message cannot be translated into readable form, which makes it easier for hackers to succeed and harder to identify their malicious requests. Pocket Universe said that it has provided a security solution, namely marking transactions that are not from the official Blur website. However, in the first cases, hackers have been found to have stolen 5 ETH in a signed transaction.

Security company: hackers may use Blur signature vulnerability to steal NFTs

Analysis based on this information:


Pocket Universe, a popular Web3 security company, recently issued a warning about a potential scam that could lead to the theft of non-fungible tokens (NFTs). The scam involves a vulnerability in the Blur signature, which hackers could exploit to drain NFTs from users’ wallets. The thieves’ modus operandi is to trick victims into signing a bulk NFT sale transaction at a price of 0 ETH. However, the Blur batch listing contains an unreadable message, which makes it hard for users to identify the nature of the request.

The scam depends on inducing victims to sign a malicious transaction whose contents and intent they cannot read. Because the message is difficult to interpret, hackers can issue malicious requests undetected that would otherwise be flagged and blocked.

Pocket Universe proposes a solution to mitigate the risk posed by the scam, namely marking transactions that do not originate from the official Blur website. This way, users would be able to differentiate between legitimate and fake transactions and protect their NFTs.
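One way a wallet-side check could combine the two signals described above (an unreadable message and a request that does not come from the official Blur website), as an added example that is not Pocket Universe's or Blur's code. The `blur.io` allowlist entry, the type and field names, and the sample requests are assumptions constructed for illustration.

```javascript
// Added example: screen a typed-data signature request before showing the prompt.
// OFFICIAL_HOSTS is an assumed allowlist; all sample requests are constructed.
const OFFICIAL_HOSTS = ['blur.io'];
const OPAQUE_TYPES = new Set(['bytes', 'bytes32']);

// True only for the official host or its subdomains, not look-alike hosts.
function isOfficialOrigin(origin) {
  let host;
  try { host = new URL(origin).hostname.toLowerCase(); } catch { return false; }
  return OFFICIAL_HOSTS.some(h => host === h || host.endsWith('.' + h));
}

// Names of primary-type fields a user cannot interpret (hashes, raw bytes).
function opaqueFields(typedData) {
  const fields = (typedData.types || {})[typedData.primaryType] || [];
  return fields.filter(f => OPAQUE_TYPES.has(f.type)).map(f => f.name);
}

function screenSignRequest(origin, typedData) {
  const reasons = [];
  const fields = (typedData.types || {})[typedData.primaryType] || [];
  // A message made only of hashes gives the user nothing to review.
  if (fields.length === 0 || opaqueFields(typedData).length === fields.length)
    reasons.push('unreadable-message');
  if (!isOfficialOrigin(origin)) reasons.push('non-official-origin');
  // A readable listing that sells for nothing is the pattern the warning describes.
  const price = (typedData.message || {}).price;
  if (price !== undefined && /^(0x)?0+$/i.test(String(price)))
    reasons.push('zero-price-listing');
  // Block when an off-site request is also unreadable or zero-priced.
  const block = reasons.includes('non-official-origin') && reasons.length > 1;
  return { verdict: block ? 'block' : reasons.length ? 'warn' : 'allow', reasons };
}

// Constructed sample: a batch request that exposes only a 32-byte digest.
const opaqueBatch = {
  primaryType: 'Batch',
  types: { Batch: [{ name: 'digest', type: 'bytes32' }] },
  message: { digest: '0x' + 'ab'.repeat(32) },
};
// Constructed sample: a listing whose fields are human-readable.
const readableListing = {
  primaryType: 'Listing',
  types: { Listing: [{ name: 'tokenId', type: 'uint256' }, { name: 'price', type: 'uint256' }] },
  message: { tokenId: '1', price: '1500000000000000000' },
};
```

An unreadable batch request still yields a warning on the official site, because the origin check alone cannot tell the user what is being signed.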

Despite the security mechanisms deployed by Pocket Universe, the scam succeeded in causing a loss of 5 ETH in signed transactions. The victims have yet to recover their stolen assets, which highlights the damage these scams can inflict on users of the Web3 ecosystem.

In conclusion, this scam exposes weaknesses in the Web3 ecosystem by relying heavily on human error, specifically error induced by unreadable message contents. It highlights the need for better security mechanisms to protect the ecosystem’s users, such as advanced encryption or more user-friendly interfaces. Ultimately, while the technology evolves to protect users, there will always be malicious actors looking to exploit vulnerabilities for personal gain. The question is whether the ecosystem can adapt fast enough to outpace the malicious actors’ innovations.
