A security team has developed a hack-monitoring and tracking platform as incidents of NFT thefts are expected to rise.
A web security group has built a dashboard that would help users track compromised NFTs on the Opensea marketplace. The platform has already detected and flagged non-fungible tokens valued at over $25 million through offline signatures.
A Twitter post from the company said,
“As a leader in the #Web3 security market, ZenGo creates solutions in partnership with #ethereumfundation , #dApps and other wallets.”
Offline signature risks
The report stated that the initiative supports the tracking of hacked NFTs through offline signatures in the biggest NFT marketplace.
The security company, which is also behind the ZenGo wallet, said that detecting, tracking, and monitoring NFT hacks has become an essential safety measure in the industry as incidents of non-fungible token hacks have become common.
Comparing floor price with actual price when sold
The dashboard of the hack detector functions by tracking sales made in the marketplace. If it is determined that the ratio of the realized trade of the NFT to its floor price is too low, it is flagged as a potential attack.
According to the team which is also behind crypto wallet ZenGo, they created an NFT hack detector using a simple method. This includes tracking realized NFT trades in the NFT marketplace and comparing the trade amount to the NFT collection’s floor price. If the ratio between the two trade values is suspiciously low, it will get flagged as a potential hack.
A different type of hack
Dune Analytics confirmed that NFTs valued at over $25 million have already been flagged by the software through online signatures. ZenGo’s chief technology officer, Tal Beéry, said that this type of hack is fundamentally different from others because users do not really understand the messages they sign. So they exhibit “blind trust” on such platforms. He added that platform contracts are involved in these transactions and so share some responsibilities.
On the solution to potential problems that could arise from these settings, he said,
“Users can use some proprietary browser extensions that give some visibility into some offline signatures, but do not cover all offline signatures and need to be updated whenever a new form of offline signature is added.”
Still a present risk
The ZenGo team added that there are no foolproof solutions for the time being.
According to the ZenGo team, they’re working with the Ethereum Foundation, various decentralized applications, and other wallets to ensure support for a draft Ethereum Improvement Proposal (EIP) that solves the problem.
Signed blindly
Be’ery said:
“The EIP allows a contract to describe the exact meaning of the offline signature, such that the wallet app can display it to the user, and then the user can make an informed decision on whether or not they want to sign the offline signature and don’t need to blindly sign.”
The ZenGo team is not the only one that has issued a warning on the risks associated with gasless transactions on OpenSea. Anti-theft project, Harpie announced last December that private auction scams could hurt the NFT marketplace. The scam essentially exploits the fact that people have to approve signatures even though they cannot interpret what the codes are intended to accomplish.
