Cryptocurrency Report
This proof of concept NFT can swipe unsuspecting users’ IP addresses

By CryptoReporter | January 27, 2022 | 4 Mins Read

Both OpenSea and MetaMask have logged cases of IP address leaks associated with transferring NFTs, according to researchers at Convex Labs and OMNIA protocol.

Nick Bax, head of research at NFT organization Convex Labs, tested how NFT marketplaces like OpenSea allow vendors or attackers to harvest IP addresses. He created a listing for a Simpsons and South Park crossover image, titling it “I just right click + saved your IP address,” to prove that when the NFT listing is viewed, it loads custom code that logs the viewer’s IP address and shares it with the vendor.

This NFT logs your IP address: https://t.co/hB34JuJLH9

— bax.eth (@bax1337) January 24, 2022

In a Twitter thread, Bax admitted that he “does not consider my OpenSea IP logging NFT to be a vulnerability” because that is simply “the way it works.” It’s important to remember that NFTs are at their core a piece of software code or digital data that can be pushed or pulled. It is quite common for the actual image or asset to be stored on a remote server, while only the asset’s URL is on-chain. When an NFT is transferred to a blockchain address, the receiving crypto wallet fetches the remote image from the URL associated with the NFT.

Bax explained the technical details further in a Convex Labs Medium post: OpenSea allows NFT creators to add additional metadata that enables file extensions for HTML pages. If the metadata is stored as a JSON file on a decentralized storage network such as IPFS or on remote centralized cloud servers, then OpenSea can download the image as well as an “invisible image” pixel logger and host it on its own server. Thus, when a potential buyer views the NFT on OpenSea, it loads the HTML page and fetches the invisible pixel, which reveals the user’s IP address and other data such as geolocation, browser version and operating system.

Analyst Alex Lupascu, co-founder of the privacy node service OMNIA Protocol, conducted his own research with the MetaMask mobile app, with similar results. He discovered a liability that allows a vendor to send an NFT to a MetaMask wallet and obtain a user’s IP address. He minted his own NFT on OpenSea and transferred ownership of the NFT via airdrop to his MetaMask wallet, and concluded that he had found a “critical privacy vulnerability.”

My team and I discovered a critical privacy #vulnerability in the most popular #crypto #wallet.

Are you using MetaMask ?
Well, I have bad news for you – your #privacy is at risk! @samczsun @gakonst @VitalikButerin @cz_binance @phildaian https://t.co/ar30UMzR1G

— Alex Lupascu (@alxlpsc) January 20, 2022


In a Medium post, Lupascu described the potential consequences: a “malicious actor can mint an NFT with the remote image hosted on his server, then airdrop this collectible to a blockchain address (victim) and obtain his IP address.” His concern is that if an attacker gathers a collection of NFTs, points all of them to a single URL and airdrops them to millions of wallets, it could result in a large-scale distributed denial-of-service (DDoS) attack. Having personal data leaked can also lead to kidnapping, according to Lupascu.

He also suggested that a potential solution could be to require explicit user consent before fetching the remote image of the NFT: MetaMask or any other wallet would prompt the user that someone on OpenSea or another exchange is fetching the remote image of the NFT, and inform the user that his or her IP address may be exposed.
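
The consent check Lupascu suggests can be made before any request leaves the wallet. The following is an added example, not code from MetaMask, OpenSea or either researcher; the metadata field names `image` and `animation_url`, the function names and the sample values are assumptions.

```javascript
// Added example (assumed names): decide how a wallet should treat each
// media URL in NFT metadata before any network request is made.
const MEDIA_FIELDS = ['image', 'animation_url']; // assumed metadata keys

function classifyMediaUrl(raw, consentedHosts) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { action: 'block', reason: 'unparseable URL' };
  }
  switch (url.protocol) {
    case 'data:':
      // Content is embedded in the metadata: no request, nothing to log.
      return { action: 'render-inline', reason: 'no network request' };
    case 'ipfs:':
      // Assumption: the wallet resolves ipfs:// through a gateway it
      // chose, so the gateway sees the IP rather than the NFT creator.
      return { action: 'fetch-via-gateway', reason: 'wallet-chosen gateway' };
    case 'http:':
    case 'https:': {
      const host = url.hostname.toLowerCase();
      // The server at this host is chosen by whoever minted the token and
      // learns the client's IP address as soon as the media is requested.
      return consentedHosts.has(host)
        ? { action: 'fetch-direct', host, reason: 'user consented' }
        : { action: 'ask-consent', host, reason: 'host would see client IP' };
    }
    default:
      return { action: 'block', reason: `unsupported scheme ${url.protocol}` };
  }
}

function planMediaFetches(metadata, consentedHosts = new Set()) {
  return MEDIA_FIELDS
    .filter((field) => typeof metadata[field] === 'string' && metadata[field])
    .map((field) => ({ field, ...classifyMediaUrl(metadata[field], consentedHosts) }));
}

// Constructed sample metadata for an airdropped token.
const sampleMetadata = {
  name: 'constructed example',
  image: 'https://tracker.example/pixel.png',
  animation_url: 'ipfs://bafy-constructed-cid/index.html',
};
console.log(planMediaFetches(sampleMetadata));
```

A wallet would render a placeholder for every `ask-consent` entry and only issue the request once the user approves that host.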

Dan Finlay, CEO of MetaMask, responded to Lupascu on Twitter, stating that even though “the issue has been known for a long time,” they are now starting work to fix it and improve user safety and privacy.

That same day, even Vitalik Buterin recognized the challenges of off-chain privacy within Web3. On a recent UpOnly podcast episode, Buterin said that “the fight for more privacy is an important one. People are underestimating the risks of no privacy,” adding that the “more crypto-y everything becomes,” the more exposed we are.
