Rarible, a prominent marketplace for non-fungible tokens (NFTs), has identified a potentially severe security hole that might result in customers losing not just their NFTs, but also the cryptocurrencies in their wallets.
A report by Check Point Research (CPR) describes a vulnerability that would allow a potential attacker to take someone’s digital belongings in a single transaction. Worst of all, everything would take place on the marketplace itself, where people are less likely to be sceptical.
The process is simple, according to CPR’s research, and comprises the creation of a “malicious NFT.” If someone came across it and clicked on it, the malicious NFT would run JavaScript code in an effort to send the user a setApprovalForAll request.
If the victim submits the request, the malicious NFT will have complete access to their endpoint.
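A defensive sketch of the check a wallet or browser extension could run on such a request before the user signs it, as an added example that is not from CPR's report or Rarible's code: it decodes the calldata and flags setApprovalForAll calls that grant rights to an operator outside an allowlist. The function names, the allowlist and the sample addresses are constructed for illustration; 0xa22cb465 is the selector of the standard setApprovalForAll(address,bool).

```javascript
// Added example (not from the CPR report): review a transaction request
// before signing. Addresses below are constructed sample values.
const SELECTOR = "a22cb465"; // setApprovalForAll(address,bool)

// Returns null if the calldata is not a setApprovalForAll call.
function decodeSetApprovalForAll(data) {
  const hex = String(data || "").toLowerCase().replace(/^0x/, "");
  if (!hex.startsWith(SELECTOR)) return null;
  const args = hex.slice(8);
  // Expect exactly two 32-byte ABI words: address operator, bool approved.
  if (!/^0{24}[0-9a-f]{40}[0-9a-f]{64}$/.test(args)) return { malformed: true };
  return {
    malformed: false,
    operator: "0x" + args.slice(24, 64),
    approved: BigInt("0x" + args.slice(64)) !== 0n, // any non-zero word counts as true
  };
}

// trustedOperators: hypothetical allowlist of operator contracts the user accepts.
function reviewTxRequest(tx, trustedOperators) {
  const call = decodeSetApprovalForAll(tx.data);
  if (call === null) return { verdict: "not-approval" };
  if (call.malformed) return { verdict: "block", reason: "malformed calldata" };
  if (!call.approved) return { verdict: "allow", reason: "revokes an operator" };
  const known = trustedOperators.some((a) => a.toLowerCase() === call.operator);
  return {
    verdict: known ? "warn" : "block",
    operator: call.operator,
    reason: (known ? "allowlisted" : "unknown") +
      " operator would control every token the signer holds in " + tx.to,
  };
}

// Constructed sample requests.
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const COLLECTION = "0x" + "aa".repeat(20);
const MARKET = "0x" + "11".repeat(20);   // allowlisted operator
const UNKNOWN = "0x" + "22".repeat(20);  // operator the user never chose
const grant = (op, on) => "0x" + SELECTOR + word(op) + word(on ? "1" : "0");

const results = [
  reviewTxRequest({ to: COLLECTION, data: grant(UNKNOWN, true) }, [MARKET]),
  reviewTxRequest({ to: COLLECTION, data: grant(MARKET, true) }, [MARKET]),
  reviewTxRequest({ to: COLLECTION, data: grant(UNKNOWN, false) }, [MARKET]),
  reviewTxRequest({ to: COLLECTION, data: "0x" + SELECTOR + "00" }, [MARKET]),
];
console.log(results.map((r) => r.verdict));
```

Even an allowlisted operator yields a warning rather than a silent pass, because the approval covers the signer's whole holding in that collection until it is revoked.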
“We identified serious security issues in OpenSea, the world’s largest NFT marketplace, in October of last year. Now, we’ve discovered comparable flaws in Rarible,” said Oded Vanunu, Check Point Software’s Head of Products Vulnerabilities Research.
“There is still a significant security gap between Web2 and Web3 infrastructure. Any little flaw allows thieves to steal cryptocurrency wallets from behind the scenes. We’re still in a situation where markets that use Web3 protocols don’t have a solid security policy in place. The ramifications of a crypto hack can be devastating. Millions of dollars have been stolen from users of markets that mix blockchain and other technology.”
Rarible had more than $273 million in trade volume last year, making it one of the world’s top NFT platforms.
CPR informed the marketplace of its discovery, stating that it “believes Rarible will have implemented a patch by the time this publication is published.” We’ve contacted Rarible to see if this is the case, and we’ll update the article as needed.
However, because it’s Easter weekend, we might not hear from Rarible for a few days.
“At the moment, users must manage two types of wallets: one for the majority of their cryptocurrency and another for specialised transactions,” Vanunu stated.