Users could have lost all their NFTs

The research arm of cyber security software firm Check Point said it identified a vulnerability in the Rarible NFT marketplace that could have seen many of its roughly two million active monthly users lose their NFTs in a single transaction.

Check Point is a multinational IT security firm, founded in Ramat Gan, Israel, in 1993, that also said it had spotted issues relating to malicious airdrops on OpenSea back in October 2021.

According to documents shared with Cointelegraph, Check Point Research (CPR) recently discovered that malicious actors could send users a dubious link to an NFT that executes JavaScript code after clicking that “attempts to send a setApprovalForAll request to the victim.”

If the link is clicked, the user grants full access to their wallets on Rarible. CPR stated that it immediately notified Rarible on April 5, with the platform promptly acknowledging and fixing the security flaw:

“If exploited, the vulnerability would have enabled a threat actor to steal a user’s NFTs and cryptocurrency wallets in a single transaction. A successful attack would have come from a malicious NFT within Rarible’s marketplace itself, where users are less suspicious and familiar with submitting transactions.”
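The request at the centre of this report is setApprovalForAll, which grants an operator address control over every token of a collection in the caller's wallet. The following Python is an added example, not code from Rarible or Check Point: it decodes the ABI-encoded calldata of a transaction a wallet is about to sign and labels the risk, so a user or a wallet extension can see "wallet-wide approval to an unknown operator" rather than an opaque hex blob. The two function selectors are the real ones for setApprovalForAll(address,bool) and approve(address,uint256); the operator and spender addresses and the sample calldata are constructed for the demo.

```python
"""Decode approval calldata and label its risk before the user signs.

Added example, not Rarible's or Check Point's code. Selectors are the real
4-byte values (first four bytes of keccak256 of the canonical signature).
"""
import re

SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",
    "095ea7b3": "approve(address,uint256)",
}


def decode_calldata(calldata: str) -> dict:
    """Split ABI-encoded calldata into its selector and 32-byte argument words."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) < 8 or not re.fullmatch(r"[0-9a-f]*", data):
        raise ValueError("calldata must be hex with at least a 4-byte selector")
    selector, args = data[:8], data[8:]
    words = [args[i:i + 64] for i in range(0, len(args), 64)]
    result = {"selector": selector, "function": SELECTORS.get(selector)}
    if result["function"] == "setApprovalForAll(address,bool)" and len(words) >= 2:
        # An address is right-aligned in its 32-byte word: last 20 bytes = 40 hex chars.
        result["operator"] = "0x" + words[0][24:]
        result["approved"] = int(words[1], 16) != 0
    elif result["function"] == "approve(address,uint256)" and len(words) >= 2:
        result["spender"] = "0x" + words[0][24:]
        result["token_id"] = int(words[1], 16)
    return result


def assess_approval(calldata: str, trusted_operators: set[str]) -> str:
    """Return a risk label for the transaction the user is being asked to sign."""
    d = decode_calldata(calldata)
    fn = d["function"]
    if fn == "setApprovalForAll(address,bool)":
        if not d["approved"]:
            return "LOW: revokes an existing operator approval"
        if d["operator"] in trusted_operators:
            return "MEDIUM: grants wallet-wide approval to a known operator"
        return "HIGH: grants wallet-wide approval to an unknown operator"
    if fn == "approve(address,uint256)":
        return "MEDIUM: approves a single token to a spender"
    return "UNKNOWN: not an approval call"


# Constructed sample inputs (not real transactions or addresses).
CONSTRUCTED_OPERATOR = "0x" + "11" * 20
SAMPLE_SET_APPROVAL_FOR_ALL = (
    "0xa22cb465"
    + "00" * 12 + "11" * 20   # operator, left-padded to 32 bytes
    + "00" * 31 + "01"        # approved = true
)
SAMPLE_REVOKE = "0xa22cb465" + "00" * 12 + "11" * 20 + "00" * 32  # approved = false
SAMPLE_APPROVE = (
    "0x095ea7b3"
    + "00" * 12 + "22" * 20   # spender
    + format(3738, "064x")    # tokenId 3738
)

if __name__ == "__main__":
    for sample in (SAMPLE_SET_APPROVAL_FOR_ALL, SAMPLE_REVOKE, SAMPLE_APPROVE, "0xdeadbeef"):
        print(assess_approval(sample, trusted_operators=set()))
```

The same decoding is what a block explorer's approval checker performs for you after the fact; doing it at signing time is the point where a "HIGH" label can still stop the transaction. A marketplace's own contract would normally be on the user's trusted-operator list, which is why a request naming any other operator deserves a hard stop.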

NFT Theft

Speaking with Cointelegraph, Oded Vanunu, Head of Products Vulnerabilities Research at Check Point Software, said his team became interested in this type of scam after Taiwanese singer Jay Chou fell victim to a similar attack. Chou’s BoredApe #3738 NFT was swiped via a nefarious transaction at the start of this month.

“Once we saw that this NFT was stolen, it gave us the incentive to investigate further.” Such a vulnerability could also be possible on many other platforms, Vanunu said.

“Rarible acknowledged the security flaw quickly and fixed it by removing the SVG file upload option. This terminated the malicious NFT attack option,” Vanunu confirmed.
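Removing SVG upload altogether is the simplest fix, because SVG is an XML document that can carry script elements, event-handler attributes and javascript: links. A platform that wants to keep SVG would instead have to screen or rasterize every upload. The following Python is an added example, not Rarible's code, showing the screening check: it walks the parsed SVG and reports any element or attribute that could execute or embed active content. The two sample SVGs are constructed for the demo, and the inline script is a harmless placeholder.

```python
"""Screen an uploaded SVG for active content before accepting or rendering it.

Added example, not Rarible's code. For real uploads, parse with defusedxml
(assumed available) rather than the stdlib parser, to block entity-expansion
attacks; the detection logic is the same.
"""
import xml.etree.ElementTree as ET

# Elements that can run script or embed a foreign document inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
# href schemes that execute or load active content from a link.
DANGEROUS_SCHEMES = ("javascript:", "data:")


def _local(name: str) -> str:
    """Strip the XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1]


def find_active_content(svg_text: str) -> list[str]:
    """Return one finding per active element or attribute; empty means clean."""
    root = ET.fromstring(svg_text)
    findings = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr).lower()
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name == "href" and value.strip().lower().startswith(DANGEROUS_SCHEMES):
                scheme = value.strip().split(":", 1)[0].lower()
                findings.append(f"href with {scheme}: scheme on <{tag}>")
    return findings


def is_safe_svg(svg_text: str) -> bool:
    """True only when the screen finds nothing active."""
    return not find_active_content(svg_text)


# Constructed sample inputs (not real uploads).
CLEAN_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
    '<rect width="10" height="10" fill="teal"/></svg>'
)
ACTIVE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink" onload="void 0">'
    '<script>/* constructed placeholder: any inline script is flagged */</script>'
    '<a xlink:href="javascript:void 0"><rect width="10" height="10"/></a>'
    '</svg>'
)

if __name__ == "__main__":
    for label, svg in (("clean", CLEAN_SVG), ("active", ACTIVE_SVG)):
        print(label, find_active_content(svg) or "no findings")
```

A screen like this is a deny-list and will lag behind new browser features, which is why rasterizing uploads to PNG, or serving SVGs only from a separate origin with a strict Content-Security-Policy, is the more robust choice; Rarible's decision to drop the upload path removes the problem class entirely.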

Related: Trezor investigates potential data breach as users cite phishing attacks

Vanunu declined to estimate how much value the security flaw could have cost, since it could have been “triggered on any user on the platform.” Notably, a similar attack on just a single wallet belonging to DeFiance Capital founder Arthur0x last month resulted in the loss of roughly 600 Ether ($1.86 million).

CPR urged users to be diligent any time they approve any requests on NFT platforms and verify all of them via Etherscan’s request tracker in times of uncertainty.

Cointelegraph has reached out to Rarible for comment on the matter, and will update the story if the company responds.
