Check Point Finds More Vulnerabilities in NFT and Cryptocurrency Trading

NFT weaknesses

Weakness in the large NFT market is rare

Security researchers at Check Point Research (CPR) have discovered a vulnerability in the Rarible NFT marketplace. Exploiting it could result in the theft of any user's NFTs and cryptocurrencies; a single fraudulent transaction was enough. Immediately after the vulnerability was discovered, CPR reported it to Rarible on April 5th, and Rarible took note of the warning. The security researchers say that the security gap should have been closed by the time of this report's publication, but they do not confirm this. Rarible is the second NFT marketplace in which CPR has discovered a serious vulnerability: in October 2021 the security researchers found something similar in OpenSea, the world's largest NFT marketplace.

The fraud could have been launched by a malicious NFT within the Rarible marketplace itself, which users trust. Either the scammer's target receives a link to the malicious NFT and clicks on it, which launches the attack, or the user browses the marketplace, happens upon the malicious but harmless-looking NFT and clicks on it. The malicious NFT executes JavaScript code, which then requests a setApprovalForAll approval from the user. If the user carelessly confirms this, it gives access to the user's NFTs and crypto tokens. The hackers can then steal the victim's NFTs and cryptocurrencies in a single transaction.

Experts took notice on April 1st, when NFTs were stolen from Taiwanese singer Jay Chou and sold on the Rarible marketplace for $500,000 USD. Chou was tricked into approving a similarly prepared request, which then used a transaction to gain access to his Bored Ape NFT 3788. Rarible has reported 2021 sales of $273 million on its marketplace, making it one of the largest platforms in existence.

Oded Vanunu, Head of Product Vulnerability Research at Check Point Software

Oded Vanunu, Head of Product Vulnerabilities at Check Point Software Technologies, explains: “CPR has invested significant resources in investigating the intersection of cryptocurrency and IT security. We continue to see significant efforts by cybercriminals to monetize cryptocurrency, especially from the NFT markets. In October of last year, we discovered serious security vulnerabilities in OpenSea, the world’s largest NFT marketplace. Now we have found similar weaknesses in Rarible. In terms of security, there is still a huge gap between the Web2 and Web3 infrastructure. Any small loophole opens a backdoor for hackers to hijack crypto wallets behind the scenes. We are still in a situation where markets that combine Web3 protocols do not have proper security practices. The consequences of cryptocurrency hacking can also be severe. We have seen millions of dollars stolen from users of markets that combine blockchain technologies. I currently expect another increase in these thefts. Users should be careful. They currently need to manage two types of wallets: one for most of their cryptocurrencies and one for specific transactions only. However, if the wallet for only certain transactions is attacked, users may still be able to avoid losing it all. In any case, CPR will continue to research the security implications of the new blockchain technology.”

CPR recommends caution and vigilance when receiving requests of this kind in such markets, including within the market itself. Before accepting a request, users should think carefully about what is being asked and consider whether the request is unusual or suspicious. When in doubt, they must reject the request and review it again before approval is granted. Users are also advised to revoke token approvals when in doubt.
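The approval request described above can be recognised from the transaction data before anything is signed. The following is an added example, not code from Check Point or Rarible: it assumes the standard ERC-721/ERC-1155 function setApprovalForAll(address,bool), whose selector is 0xa22cb465, and the function names and sample addresses are constructed for illustration.

```javascript
// Added example: function names and sample addresses are constructed.
// Selector of setApprovalForAll(address,bool) as defined by ERC-721 and ERC-1155.
const SET_APPROVAL_FOR_ALL = "a22cb465";

// Decode the calldata of a transaction request. Returns null when the call
// is not setApprovalForAll, otherwise the operator and the approval flag.
function decodeSetApprovalForAll(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex)) return null;
  // 4-byte selector plus two 32-byte ABI words = 8 + 128 hex characters.
  // Trailing bytes are ignored by the contract, so they are tolerated here
  // too; a strict length check would let a padded request slip through.
  if (hex.length < 8 + 128 || !hex.startsWith(SET_APPROVAL_FOR_ALL)) return null;
  const operatorWord = hex.slice(8, 72);
  const approvedWord = hex.slice(72, 136);
  return {
    operator: "0x" + operatorWord.slice(24), // address = low 20 bytes of the word
    approved: BigInt("0x" + approvedWord) !== 0n,
  };
}

// Classify a transaction request before the user signs it.
// trustedOperators: addresses the user has deliberately decided to trust.
function reviewRequest(tx, trustedOperators = []) {
  const call = decodeSetApprovalForAll(tx.data);
  if (call === null) return { verdict: "not-approval-for-all" };
  const details = { collection: tx.to, operator: call.operator };
  if (!call.approved) return { verdict: "revocation", ...details };
  const trusted = trustedOperators
    .map((a) => a.toLowerCase())
    .includes(call.operator);
  return {
    verdict: trusted ? "grant-to-trusted-operator" : "grant-to-unknown-operator",
    ...details,
  };
}

// Constructed sample: a request granting an unknown operator control over
// every token the user holds in one collection.
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const sampleOperator = "0x1111111111111111111111111111111111111111";
const sampleTx = {
  to: "0x2222222222222222222222222222222222222222",
  data: "0x" + SET_APPROVAL_FOR_ALL + word(sampleOperator) + word("1"),
};
console.log(reviewRequest(sampleTx));
```

A request classified as grant-to-unknown-operator is the case the recommendation above says to reject; the same call with the flag set to false is how an existing approval is revoked.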
