IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Critical security flaw discovered in NFT marketplace Rarible

If exploited, the vulnerability could have led to the theft of NFTs and crypto tokens in a single transaction

Abstract image showing the letters NFT in pink on top of a background of digital concepts and code

Researchers have identified a security flaw in NFT marketplace Rarible that could have led to the theft of crypto wallets.

If exploited, the vulnerability would have enabled a threat actor to steal a user’s NFTs and cryptocurrency wallets in a single transaction.

Researchers at CheckPoint said that a successful attack would have come from a malicious NFT within Rarible’s marketplace, where people are less suspicious and familiar with submitting transactions. For context, the platform reported $273 million trading volume last year and boasts over two million monthly active users – making it one of the largest NFT marketplaces in the world.

The findings were immediately disclosed to Rarible on April 5, which acknowledged the security flaw. Check Point said it believes that the company will have deployed a fix by the time of publication.

"CPR has invested significant resources in examining the intersection of crypto and security,” commented Oded Vanunu, head of Products Vulnerabilities Research at Check Point Software. “We still continue to see large efforts by cyber criminals to try and heist big profits from cryptocurrency, especially NFT marketplaces.

“In October last year, we discovered critical security flaws in OpenSea, the world's largest NFT marketplace. Now, we've identified similar vulnerabilities in Rarible.”

Left unpatched, those critical security flaws found in OpenSea could have allowed hackers to hijack user accounts and steal entire cryptocurrency wallets by crafting malicious NFTs.

With this latest Rarible find, Check Point said that attackers would rely on victims clicking a link to a malicious NFT, either via browsing the marketplace or receipt of the link.

The malicious NFT would then execute JavaScript code and attempt to send a setApprovalForAll request to the victim, who would then submit the request and grant full access to the NFTs or crypto tokens to the attacker.

Vanunu explained that there is still a “huge gap” between Web2 and Web3 infrastructure, with any small vulnerability opening a backdoor for cyber criminals to hijack crypto wallets behind the scenes.

“We are still in a state where marketplaces that combine Web3 protocols are lacking a sound security practice,” he said. “The implications following a crypto hack can be extreme. We've seen millions of dollars hijacked from users of marketplaces that combine blockchain technologies.”

Check Point said users should remain careful and aware whenever receiving new requests to sign, even within the marketplace itself, and to carefully review exactly what is being requested prior to receiving a request.

If there are any doubts, users are advised to reject the request and examine it further before providing any kind of authorisation. Token approvals can be reviewed and revoked using the Etherscan token approval tool.

“Currently, I expect to see a continuing increase in cryptocurrency thefts. Users must pay attention,” Vananu advised. “Users currently need to manage two types of wallets: one for most of their crypto and another just for specific transactions.

“Should the wallet for specific transactions become compromised, users can still be in a position where they don’t lose everything. CPR will continue to research the security implications of the new frontier of blockchain technology"

Featured Resources

2023 Strategic roadmap for data security platform convergence

Capitalise on your data and share it securely using consolidated platforms

Free Download

The 3D trends report

Presenting one of the most exciting frontiers in visual culture

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Most Popular

Warning issued over ransomware attacks targeting VMware ESXi servers globally
cyber attacks

Warning issued over ransomware attacks targeting VMware ESXi servers globally

6 Feb 2023
ION Trading reportedly pays LockBit ransom demands
ransomware

ION Trading reportedly pays LockBit ransom demands

6 Feb 2023
BT Group extends Kyndryl deal to migrate legacy mainframe apps to the cloud
Business strategy

BT Group extends Kyndryl deal to migrate legacy mainframe apps to the cloud

31 Jan 2023