Published: 15.04.2022
Researchers from Check Point Research (CPR) have discovered a vulnerability in the Rarible NFT site that allowed attackers to steal collectible tokens in just one transaction.
According to CPR, the attack on Rarible user accounts could have been carried out using malicious non-fungible tokens. The attackers could trick an unsuspecting platform client into clicking on a link leading to an “infected NFT”. After the link was opened in a new tab, JavaScript code was executed and a setApprovalForAll request was sent to the user. In the event of a successful attack, hackers could take control of the victim’s cryptocurrency wallet and take possession of the victim’s crypto assets.
On April 5, the researchers notified Rarible about this, after which the platform fixed the bug. CPR urged users to exercise the utmost caution. If a signing request (even directly on the platform) seems suspicious, it’s best to reject it without giving any permissions.
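To make the advice about signing requests concrete, the following added example (not code from CPR, Rarible or this article) decodes a pending transaction's calldata and flags a setApprovalForAll call that would approve an unknown operator. The function name inspectTxRequest, the allowlist parameter and the sample addresses are assumptions constructed for illustration; 0xa22cb465 is the standard selector for setApprovalForAll(address,bool).

```javascript
// Added example (not Rarible or CPR code): decode a pending transaction's
// calldata and flag a collection-wide NFT approval before it is signed.
const SET_APPROVAL_FOR_ALL = "a22cb465"; // selector of setApprovalForAll(address,bool)

function inspectTxRequest(tx, trustedOperators = []) {
  const data = String(tx.data || "").toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(data) || data.slice(0, 8) !== SET_APPROVAL_FOR_ALL) {
    return { kind: "other", risky: false };
  }
  const args = data.slice(8);
  const operatorWord = args.slice(0, 64);
  const approvedWord = args.slice(64);
  // Expect exactly two 32-byte ABI words; an address is right-aligned,
  // so the upper 12 bytes of its word must be zero.
  if (args.length !== 128 || !operatorWord.startsWith("0".repeat(24))) {
    return { kind: "setApprovalForAll", risky: true, reason: "malformed arguments" };
  }
  const operator = "0x" + operatorWord.slice(24);
  const approved = BigInt("0x" + approvedWord) !== 0n;
  const trusted = trustedOperators.map((a) => a.toLowerCase()).includes(operator);
  let reason = "revokes an existing approval";
  if (approved) {
    reason = trusted
      ? "operator is on the allowlist"
      : "unknown operator could transfer every token you hold in this collection";
  }
  return {
    kind: "setApprovalForAll",
    collection: tx.to,
    operator,
    approved,
    risky: approved && !trusted, // revocations and allowlisted operators pass
    reason,
  };
}

// Constructed sample request; both addresses are placeholders.
const OPERATOR = "0x" + "22".repeat(20);
const sampleTx = {
  to: "0x" + "11".repeat(20),
  data: "0xa22cb465" + "0".repeat(24) + "22".repeat(20) + "0".repeat(63) + "1",
};
console.log(inspectTxRequest(sampleTx));
```

A request flagged as risky here is the kind the advice above says to reject: it approves an operator the user has not already decided to trust.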
CPR security experts explained that they became interested in such cases after the popular Taiwanese singer Jay Chou lost several unique tokens after clicking on a malicious link leading to fake NFT creation sites. CPR researchers also mentioned a previous study conducted in October 2021, when they discovered a critical vulnerability in the OpenSea platform. The vulnerability allowed hackers to appropriate other people’s tokens in a similar way.
Recall that in January, cybersecurity company PeckShield also discovered a critical vulnerability in the OpenSea interface that made it possible to purchase NFTs at greatly reduced prices.
Source: Bits
Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing.