Check Point researchers revealed a serious vulnerability in the Rarible NFT marketplace. Rarible is one of the most popular NFT markets, with over two million monthly users.
Check Point Research (CPR) said in a recent blog post that a hacker exploiting this vulnerability would be able to steal user NFTs and access cryptocurrency wallets in one transaction. This is a serious vulnerability because Rarible is one of the major NFT markets: it had $273 million in trading volume in 2021.
On April 5, CPR warned Rarible of this issue, which has since been addressed. CPR began investigating similar hacks when a well-known Taiwanese musician lost an NFT that was eventually sold for $500,000.
“The victim is sent a link to the malicious NFT or browses the marketplace and clicks on it. The malicious NFT runs JavaScript code and tries to send the victim a setApprovalForAll request. The victim makes the request and allows the attacker complete access to this NFT/Crypto Token.”
CPR has also helped detect vulnerabilities in other NFT markets. In October of last year, the company identified a vulnerability that could enable attackers to gain access to user accounts and steal bitcoin wallets by installing malicious NFTs.
CPR has also issued a warning to purchasers and dealers of NFTs. The company has encouraged users not to trade NFTs with suspicious offers. It recommended conducting a thorough investigation into any suspicious offer before providing any kind of consent that might enable a hacker to access their cryptocurrency wallet.
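One way to inspect a request before consenting to it is to decode the transaction data the wallet is asked to sign and check whether it is a `setApprovalForAll` call. The following is an added example, not code from CPR or Rarible; the function name, the risk labels, the trusted-operator set and the sample transaction are assumptions constructed for illustration.

```javascript
// Function selector of setApprovalForAll(address,bool) (ERC-721 / ERC-1155).
const SET_APPROVAL_FOR_ALL = "a22cb465";

// Hypothetical helper: classify a pending transaction request ({ to, data }).
// trustedOperators: Set of lowercase operator addresses the user already trusts.
function inspectApprovalRequest(tx, trustedOperators = new Set()) {
  const data = String(tx.data || "").toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(data) || data.slice(0, 8) !== SET_APPROVAL_FOR_ALL) {
    return { isSetApprovalForAll: false };
  }
  const args = data.slice(8);
  // Two 32-byte ABI words must follow the selector: operator, then approved.
  if (args.length < 128) {
    return { isSetApprovalForAll: true, malformed: true, risk: "high" };
  }
  // An address occupies the low 20 bytes of its 32-byte word.
  const operator = "0x" + args.slice(24, 64);
  const approved = BigInt("0x" + args.slice(64, 128)) !== 0n;
  let risk;
  if (!approved) {
    risk = "revoke"; // approved=false withdraws an earlier grant
  } else if (trustedOperators.has(operator)) {
    risk = "review"; // still grants control of every token in the collection
  } else {
    risk = "high"; // unknown operator would control the whole collection
  }
  return {
    isSetApprovalForAll: true,
    malformed: false,
    collection: tx.to, // the NFT contract the approval applies to
    operator,
    approved,
    risk,
  };
}

// Constructed sample request (addresses are placeholders, not real contracts).
const SAMPLE_OPERATOR = "0x" + "22".repeat(20);
const SAMPLE_TX = {
  to: "0x" + "11".repeat(20),
  data: "0x" + SET_APPROVAL_FOR_ALL + "0".repeat(24) + "22".repeat(20) +
        "0".repeat(63) + "1",
};

console.log(inspectApprovalRequest(SAMPLE_TX));
```

A wallet front end or browser extension could run such a check on each outgoing request and show the decoded operator and collection to the user before the signing prompt.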