Vulnerability in the large NFT marketplace Rarible
Security researchers at Check Point Research (CPR) have discovered a vulnerability in the Rarible NFT marketplace. Exploiting it may result in the theft of a user's NFTs and cryptocurrencies. A single fraudulent transaction was enough. Immediately after discovering the vulnerability, CPR reported it to Rarible on April 5th, and Rarible took note of the warning. The security researchers say the gap should have been closed by the time of this report's publication, but they do not confirm this. Rarible is the second NFT marketplace in which CPR has discovered a serious vulnerability: the security researchers found something similar in October 2021 in OpenSea, the world's largest NFT marketplace.
This time, the experts took notice on April 1st, when NFTs were stolen from Taiwanese singer Jay Chou and sold on the Rarible marketplace for $500,000 USD. Chou was tricked into approving a similarly crafted request, which then used a transaction to gain access to his Bored Ape NFT 3788. Rarible has announced 2021 sales of $273 million on its marketplace, making it one of the largest platforms in existence.
Oded Vanunu, Head of Product Vulnerabilities at Check Point Software Technologies, explains: "CPR has invested significant resources in investigating the intersection of cryptocurrency and IT security. We continue to see significant efforts by cybercriminals to monetize cryptocurrency, especially from the NFT markets. In October of last year, we discovered serious security vulnerabilities in OpenSea, the world's largest NFT marketplace. Now we have found similar weaknesses in Rarible. In terms of security, there is still a huge gap between the Web2 and Web3 infrastructure. Any small loophole opens a backdoor for hackers to hijack crypto wallets behind the scenes. We are still in a situation where markets that combine Web3 protocols do not have proper security practices. The consequences of cryptocurrency hacking can also be severe. We have seen millions of dollars stolen from users of markets that combine blockchain technologies. I currently expect another increase in these thefts. Users should be careful. They currently need to manage two types of wallets: one for most of their cryptocurrencies and one for specific transactions only. If the wallet for specific transactions only is attacked, users may still be able to not lose it all. In any case, CPR will continue to research the security implications of the new blockchain technology."
CPR recommends caution and vigilance when receiving approval requests in such marketplaces, including within the marketplace itself. Before accepting a request, users should think carefully about what is being asked and consider whether the request is unusual or suspicious. When in doubt, they should reject the request and review it again before granting approval. Users are also advised to revoke token approvals when in doubt.