Researchers at Check Point have revealed a critical vulnerability in the Rarible NFT marketplace. Rarible is one of the largest NFT marketplaces, and it has more than two million monthly users.
CPR researchers detect a critical vulnerability on Rarible
In a recent blog post, CPR said that if this vulnerability was exploited, it would allow a hacker to steal user NFTs and access cryptocurrency wallets through one transaction. This is a critical vulnerability because Rarible is one of the largest NFT marketplaces. In 2021, it reported over $273M worth of trading volumes.
CPR alerted Rarible about this vulnerability on April 5, and rarible has since patched it. CPR has been researching such types of cyberattacks after a renowned Taiwanese musician lost an NFT that was later sold for $500K.
“Victim receives a link to the malicious NFT or browses the marketplace and clicks on it. The malicious NFT executes JavaScript code and attempts to send a setApprovalForAll request to the victim. Victim submits the request and grants full access to this NFT’s/Crypto Token to the attacker.”
CPR has also helped unveil vulnerabilities in other NFT marketplaces. In October last year, the firm detected a vulnerability that could allow attackers to access user accounts and steal cryptocurrency wallets by creating malicious NFTs.
CPR has also issued an advisory to NFT buyers and sellers. The firm has urged people to refrain from trading NFTs with suspicious offers. It urged in-depth review into a suspicious offer before giving out any form of authorization that could allow a hacker to access their cryptocurrency wallet.
Vulnerability of NFT marketplaces
NFTs have become increasingly popular, but so has the risk associated with the sector. NFT marketplaces have become targets for cybercriminals. A month ago, TreasureDAO, an NFT marketplace based on Arbitrum, was breached, and hundreds of NFTs were stolen. The attackers exploited the protocol’s security vulnerability to mint NFTs for free.
OpenSea, the largest NFT marketplace, was also exploited earlier this year. The exploited targeted the Bored Ape Yacht Club (BAYC) NFT holders. After a successful exploit, the attacker stole around $750,000 worth of Ether (ETH).
Your capital is at risk.
Read more:
