Reading time: ~2 m
Check Point Research (CPR) has discovered a vulnerability in the Rarible NFT marketplace. The exploit would allow an attacker to withdraw all the assets from the wallet of any of the two million users in one transaction.
A successful attack could have happened with a malicious NFT on the platform. Users in this case are less suspicious and they are familiar with the procedure for sending transactions, experts noted.
The probable attack methodology in CPR was described as follows:
- the victim receives a link to the token containing the script or clicks on it while browsing the site;
- JavaScript code being executed tries to send a setApprovalForAll request to the user;
- the victim confirms it and grants the attacker full access to their assets.
According to experts, they were motivated to check the security of Rarible for the possibility of such an attack, because they had already encountered a similar incident. On April 1, Taiwanese singer Jay Chou was tricked into confirming a transaction, after which his NFT Bored Ape #3738 was sold on the marketplace for $500,000.
Also, CPR specialists relied on the results of their study of the OpenSea marketplace in October 2021, during which they discovered critical vulnerabilities.
According to the blog, on April 5, the company reported its findings to the Rarible team, who “acknowledged the bug and fixed it.”
However, experts advised users to be careful when receiving requests, even on the marketplace itself. In case of any doubt, they recommended rejecting such proposals.
Recall that in January, a vulnerability was discovered in the OpenSea listing function that allowed redeeming tokens at a reduced price. Only one of the users through API marketplace on Rarible received 347 ETH through fraud.
The cumulative losses amounted to 750 ETH, which OpenSea reimbursed to customers.
#Rarible #vulnerability #allowed #stealing #NFTs #users #wallet
