Both OpenSea and Metamask have logged cases of IP address leaks associated with transferring nonfungible tokens (NFTs), according to researchers at Convex Labs and OMNIA protocol.

Nick Bax, head of research at NFT organization Convex Labs tested out how NFT marketplaces like OpenSea allow vendors or attackers to harvest IP addresses. He created a listing for a Simpsons and South Park crossover image, entitling it “I just right click + saved your IP address” to prove that when the NFT listing is viewed, it loads custom code that logs the viewer’s IP address and shares it with the vendor.

In a Twitter thread, Bax admitted that he “does not consider my OpenSea IP logging NFT to be a vulnerability” because that is simply “the way it works.” It’s important to remember that NFTs are, at their core, a piece of software code or digital data that can be pushed or pulled. It is quite common for the actual image or asset to be stored on a remote server, while only the asset’s URL is on-chain. When an NFT is transferred to a blockchain address, the receiving crypto wallet fetches the remote image from the URL associated with the NFT.

Bax further explained the technical details in a Convex Labs Medium post that OpenSea allows NFT creators to add additional metadata that enables file extensions for HTML pages. If the metadata is stored as a json file on a decentralized storage network, such as IPFS or on remote centralized cloud servers, then OpenSea can download the image as…

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.