A wallet security team has released a real-time dashboard that lets community members detect, track and monitor potential non-fungible token (NFT) hacks that use offline signatures on the OpenSea marketplace.
According to the team behind the ZenGo cryptocurrency wallet, the NFT hack detector uses a simple method. It tracks executed NFT trades on the marketplace and compares the value of each trade to the minimum (floor) price of the NFT collection. If the ratio between the two values is suspiciously low, the trade is flagged as a potential hack.
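The comparison described above can be sketched as follows. This is an added example, not ZenGo's code: the 0.1 ratio cut-off, the record fields and the sample trades are assumptions constructed for illustration, since the article gives no threshold or data format.

```python
from dataclasses import dataclass
from decimal import Decimal

# Assumption: the article gives no cut-off, so this value is illustrative only.
SUSPICIOUS_RATIO = Decimal("0.1")

@dataclass(frozen=True)
class Trade:
    tx_id: str          # constructed placeholder, not a real transaction hash
    collection: str
    token_id: int
    price_eth: Decimal  # amount actually paid to the seller

def flag_suspicious(trades, floor_prices, threshold=SUSPICIOUS_RATIO):
    """Return (trade, ratio, shortfall) for trades priced far below the floor."""
    flagged = []
    for t in trades:
        floor = floor_prices.get(t.collection)
        if floor is None or floor <= 0:
            continue  # no usable floor price: the ratio is undefined, so skip
        ratio = t.price_eth / floor
        if ratio < threshold:
            flagged.append((t, ratio, floor - t.price_eth))
    return flagged

def shortfall_by_collection(flagged):
    """Sum, per collection, how far flagged trades fell below the floor."""
    totals = {}
    for t, _ratio, shortfall in flagged:
        totals[t.collection] = totals.get(t.collection, Decimal(0)) + shortfall
    return totals

# Constructed sample data: floor prices in ETH and a handful of executed trades.
FLOORS = {"apes": Decimal("70"), "cats": Decimal("2.5"), "newdrop": Decimal("0")}
TRADES = [
    Trade("tx-1", "apes", 101, Decimal("72")),    # ordinary sale above floor
    Trade("tx-2", "apes", 102, Decimal("0")),     # transferred for nothing
    Trade("tx-3", "cats", 7, Decimal("0.01")),    # far below floor
    Trade("tx-4", "cats", 8, Decimal("2.4")),     # small discount, not flagged
    Trade("tx-5", "newdrop", 1, Decimal("0")),    # floor of zero, skipped
    Trade("tx-6", "unlisted", 5, Decimal("0")),   # no floor known, skipped
]

if __name__ == "__main__":
    for t, ratio, shortfall in flag_suspicious(TRADES, FLOORS):
        print(f"{t.tx_id} {t.collection}#{t.token_id} "
              f"ratio={ratio:.4f} below floor by {shortfall} ETH")
```

A low ratio only marks a trade as a candidate: private sales between a holder's own wallets can look the same, so flagged trades still need review.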
At the time of writing, the dashboard showed nearly $25 million worth of NFTs hacked through offline signatures. Tal Be’ery, ZenGo’s chief technology officer, also told Cointelegraph that this type of hack differs from others in two ways.
First, with this type of hack there is no general way to show users the meaning of the messages they are asked to sign. This means that users have to “blindly believe” the message and “blindly sign it.” Second, Be’ery explained that this type of hack involves the platforms’ contracts, and argued that the platforms share some responsibility in these cases.
When asked about possible solutions to this problem within the community, the wallet executive claimed that there is currently no good solution. He explained that:
“Users may use some proprietary browser extensions that provide some visibility of some offline signatures, but they do not cover all offline signatures and need to be updated whenever a new form of offline signature is added.”
According to the ZenGo team, they have also started working with the Ethereum Foundation, various decentralized applications and other wallets to support an Ethereum Improvement Proposal (EIP) that would fix the problem if implemented. Be’ery said:
“EIP allows the contract to describe the exact meaning of the offline signature, so the wallet app can display it to the user, and the user can then make an informed decision whether or not to sign the signature offline. I don’t have to sign blindly.”
Similarly, other entities within the community have also issued warnings about gasless transactions on OpenSea. On December 23, the anti-theft project Harpie warned the community about a private auction scam that threatens users of the NFT marketplace. The scam also involves blind approval of signatures.