A potentially major security flaw has been discovered on Rarible, a popular marketplace for non-fungible tokens (NFTs), which could lead to users losing not only their NFTs, but also cryptocurrencies directly from their wallets.
A report from Check Point Research (CPR) has identified a vulnerability that would allow a potential attacker to steal someone’s digital assets in a single transaction. The worst thing is that everything would happen in the market itself, a place where people would generally feel less suspicious.
In case the victim submits the requests, they will grant the malicious NFT full access to their endpoint.
“In October last year, we discovered critical security vulnerabilities in OpenSea, the world’s largest NFT marketplace. Now we have identified similar vulnerabilities in Rarible,” commented Oded Vanunu, Head of Product Vulnerability Research at Check Point Software.
“In terms of security, there is still a huge gap between Web2 and Web3 infrastructures. Any small vulnerability opens a backdoor for cyber criminals to hijack crypto wallets behind the scenes. We are still in a state where marketplaces that combine Web3 protocols lack a strong security practice. The implications following a cryptographic hack can be extreme. We have seen millions of dollars diverted from users of marketplaces that combine blockchain technologies.
Last year, Rarible had a trading volume of over $273 million, making it one of the largest NFT marketplaces on the planet.
The company informed the market of its discovery and said that it “believes Rarible will have deployed a fix by the time of this publication.” We’ve reached out to Rarible to see if that’s indeed the case, and we’ll update the article accordingly.
However, since it’s Easter weekend, it could be a few days before we hear from Rarible.
“Users currently have to manage two types of wallets: one for most of their cryptos and another just for specific transactions,” Vanunu continued.
“If the wallet for specific transactions is compromised, users may still be in a position where they don’t lose everything.”