Flaws, backdoors… why you should be wary of investing in cryptoassets


If you plan to invest in cryptoassets, be careful, because pitfalls are multiplying at high speed. Every week, we discover new computer flaws that allow hackers to carry out thefts or scams. The latest example involves OpenSea, a platform dedicated to trading non-fungible tokens (NFTs).
In recent weeks, malicious users have managed to buy NFTs for less than the displayed price, then resell them at a hefty profit. This is how one buyer was able to get his hands on one of the Bored Apes (digital drawings of monkeys that sell like hot cakes) for just 0.77 ether ($1,760), before reselling it for 84.2 ether ($192,000).


The problem lies both at the OpenSea back-office level and in the way smart contracts, the programs that govern transactions on the Ethereum blockchain, work.
When a user creates a new sale offer by setting a new price, the old offers remain valid until they have been publicly invalidated on the Ethereum blockchain.
The problem, as computer scientist Rotem Yakir explains on Twitter, was that the OpenSea interface made it possible to set a new price for an NFT without carrying out this invalidation transaction (which costs transaction fees of several tens of euros).

Users therefore had the impression of having changed the price of their virtual item without knowing that the previous prices remained valid! Admittedly, these were no longer displayed, but they were still stored in the OpenSea database and remained accessible through requests to the programming interface. This did not go unnoticed by a few clever users. But even if OpenSea had erased the old prices from its database, the risk of being tricked would not have gone away, because an offer of sale is a set of data signed by the owner that anyone can download and save.
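A toy model of the mechanism described above, added here as an illustration (not code from OpenSea or from the article): a signed listing stays fillable until it is cancelled on-chain, so a seller can audit every listing they have ever signed for ones that are still valid below the current price. The HMAC stands in for the wallet signature, and all names, keys and prices are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo key. HMAC is a stand-in for the seller's wallet signature.
SELLER_KEY = b"constructed-demo-key"

@dataclass(frozen=True)
class Listing:
    token_id: int
    price_eth: float
    nonce: int
    signature: str

def _digest(token_id, price_eth, nonce):
    msg = f"{token_id}|{price_eth}|{nonce}".encode()
    return hmac.new(SELLER_KEY, msg, hashlib.sha256).hexdigest()

def sign_listing(token_id, price_eth, nonce):
    """Seller signs an offer off-chain; anyone who sees it can keep a copy."""
    return Listing(token_id, price_eth, nonce, _digest(token_id, price_eth, nonce))

class Exchange:
    """Hypothetical on-chain side: an order is fillable unless cancelled on-chain."""
    def __init__(self):
        self.cancelled = set()

    def cancel(self, listing):
        # Models the invalidation transaction, the step that costs fees.
        self.cancelled.add(listing.signature)

    def is_fillable(self, listing):
        expected = _digest(listing.token_id, listing.price_eth, listing.nonce)
        valid_sig = hmac.compare_digest(expected, listing.signature)
        return valid_sig and listing.signature not in self.cancelled

def stale_listings(exchange, signed_history, token_id, current_price):
    """Listings for token_id that are still fillable below the current price."""
    return [l for l in signed_history
            if l.token_id == token_id and l.price_eth < current_price
            and exchange.is_fillable(l)]

def demo():
    exchange = Exchange()
    old = sign_listing(1, 1.0, nonce=1)    # first offer (constructed price)
    new = sign_listing(1, 50.0, nonce=2)   # "price change" with no cancellation
    before = stale_listings(exchange, [old, new], 1, 50.0)
    exchange.cancel(old)                   # the invalidation the interface skipped
    after = stale_listings(exchange, [old, new], 1, 50.0)
    return before, after
```

Hiding the old offer from a database or a user interface changes nothing in `is_fillable`; only the cancellation does.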

99% transfer fee

But beware, not only are there hackers exploiting loopholes in cryptoassets, there are also fraudsters creating tokens with backdoors, as Check Point security researchers have seen. In an analysis note, they dissected the smart contracts of several cryptoassets and identified scam functions.
The token MetaMoonMars, for example, will consistently charge incredibly high transfer fees, up to 99%. Another example: the token “Mini Basketball” is coded in such a way as to make resale impossible, except for its creators. Other tokens also incorporate the ability for developers to create tokens simply by calling a function reserved for them. You are never better served than by yourself.

At this level, it becomes frankly difficult for an investor to avoid the pitfalls, unless he is able to analyze in detail the code of the smart contracts. Which is clearly not within everyone’s reach.

“If you want to invest in crypto-assets in the future, make sure you only use reputable exchanges and only buy known tokens that already have a history of transactions”, recommends Check Point.

Sources: The Record, Check Point


