A vulnerability in the Rarible NFT marketplace could, if successfully exploited, have let attackers take control of a victim's crypto wallet and steal its funds.
Roman Zaikin, Dikla Barda, and Oded Vanunu, cybersecurity researchers at Check Point, said, “By luring victims to click on a malicious NFT, an attacker can take full control of the victim’s crypto wallet to steal funds.”
Rarible, an NFT marketplace that allows its users to create, buy, and sell digital NFT art like photographs, games, and memes, has over 2.1 million active users.
The security firm added, “There is still a huge gap, in terms of security, between Web2 and Web3 infrastructure. Any small vulnerability can possibly allow cybercriminals to hijack crypto wallets behind the scenes. We are still in a state where marketplaces that combine Web3 protocols are lacking from a security perspective. The implications following a crypto hack can be extreme.”
The attack relies on a threat actor sending potential victims a link to a rogue NFT (e.g., an image). When opened in a new tab, the NFT executes arbitrary JavaScript code. This potentially lets the attacker gain operator-level control over the victim’s NFTs by sending a setApprovalForAll request to the wallet.
In Rarible’s case, the setApprovalForAll API lets users transfer sold items from their address to the buyer’s address, based on the marketplace’s smart contract.
According to the researchers, this function is dangerous because it may allow anyone to control your NFTs once you are tricked into signing the request.
They further added, “It’s not always clear to users exactly what permissions they are giving by signing a transaction. Most of the time, the victim assumes these are regular transactions when in fact, they were given control over their own NFTs.”
Once the bad actors have this access, they can transfer all NFTs out of the victim’s account and sell them on the marketplace for a higher price.
Users are advised to scrutinize transaction requests before granting any kind of authorization. Existing token approvals can be reviewed and revoked using Etherscan’s Token Approval Checker tool.
The researchers explained, “NFT users should be aware that there are various wallet requests – some of them are used just to connect the wallet, but others may provide full access to their NFTs and Tokens.”
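The distinction the researchers draw between a harmless wallet-connect request and a request that hands over every token in a collection is visible in the transaction's calldata. The following pre-signing check is an added example written for this article; it is not code from Check Point, Rarible, or Etherscan. It decodes the 4-byte function selector and ABI-encoded arguments of a request and labels a `setApprovalForAll(operator, true)` call as a blanket approval, a single-token `approve` as narrower, and anything unrecognised as needing manual review. The selector values are the standard ERC-721/ERC-20 ones; the sample calldata, operator addresses and risk labels are constructed for illustration.

```python
# Added example (not from the article, Check Point, or Rarible): a pre-signing
# check that decodes the calldata of an Ethereum transaction request and flags
# the blanket-approval pattern the article describes (setApprovalForAll).
# Selector values are the standard ERC-721/ERC-20 ones; everything else
# (sample operator addresses, risk labels) is constructed for illustration.
from dataclasses import dataclass, field

# First 4 bytes of keccak256(signature). Hardcoded because the standard
# library has no Keccak-256 (hashlib's sha3_256 is the NIST variant).
SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",
    "095ea7b3": "approve(address,uint256)",
    "23b872dd": "transferFrom(address,address,uint256)",
    "42842e0e": "safeTransferFrom(address,address,uint256)",
}


@dataclass
class Verdict:
    function: str          # decoded signature, or the raw selector if unknown
    risk: str              # "high", "medium", "low" or "unknown"
    reason: str
    args: dict = field(default_factory=dict)


def _word(data: bytes, index: int) -> bytes:
    """Return the 32-byte ABI word for argument `index` (after the 4-byte selector)."""
    start = 4 + 32 * index
    chunk = data[start:start + 32]
    if len(chunk) != 32:
        raise ValueError(f"calldata too short for argument {index}")
    return chunk


def _address(word: bytes) -> str:
    """Decode a right-aligned 20-byte address; the 12 leading bytes must be zero."""
    if any(word[:12]):
        raise ValueError("malformed address word")
    return "0x" + word[12:].hex()


def inspect_calldata(hex_data: str) -> Verdict:
    """Classify what a wallet would be authorising if it signed this calldata."""
    data = bytes.fromhex(hex_data[2:] if hex_data.startswith("0x") else hex_data)
    if len(data) < 4:
        return Verdict(hex_data, "unknown", "no function selector present")
    selector = data[:4].hex()
    signature = SELECTORS.get(selector)
    if signature is None:
        return Verdict(selector, "unknown", "selector not in the known list; inspect manually")

    if signature.startswith("setApprovalForAll"):
        operator = _address(_word(data, 0))
        approved = int.from_bytes(_word(data, 1), "big") != 0
        if approved:
            return Verdict(signature, "high",
                           f"grants {operator} the right to move EVERY token you hold in this collection",
                           {"operator": operator, "approved": True})
        return Verdict(signature, "low", f"revokes {operator}'s operator rights",
                       {"operator": operator, "approved": False})

    if signature.startswith("approve"):
        spender = _address(_word(data, 0))
        token_id = int.from_bytes(_word(data, 1), "big")
        return Verdict(signature, "medium",
                       f"lets {spender} move a single token (id {token_id})",
                       {"spender": spender, "tokenId": token_id})

    # transferFrom / safeTransferFrom: the token leaves the sender immediately
    sender = _address(_word(data, 0))
    recipient = _address(_word(data, 1))
    token_id = int.from_bytes(_word(data, 2), "big")
    return Verdict(signature, "medium",
                   f"moves token {token_id} from {sender} to {recipient}",
                   {"from": sender, "to": recipient, "tokenId": token_id})


# Constructed sample requests (addresses are placeholders, not real accounts).
ATTACKER_OPERATOR = "0x" + "11" * 20
SAMPLE_BLANKET_APPROVAL = "0xa22cb465" + "00" * 12 + "11" * 20 + "00" * 31 + "01"
SAMPLE_REVOKE = "0xa22cb465" + "00" * 12 + "11" * 20 + "00" * 32
SAMPLE_SINGLE_APPROVE = "0x095ea7b3" + "00" * 12 + "22" * 20 + (42).to_bytes(32, "big").hex()

if __name__ == "__main__":
    for label, calldata in [("blanket approval", SAMPLE_BLANKET_APPROVAL),
                            ("revocation", SAMPLE_REVOKE),
                            ("single-token approve", SAMPLE_SINGLE_APPROVE)]:
        v = inspect_calldata(calldata)
        print(f"{label:22} -> {v.risk:7} {v.function}: {v.reason}")
```

The check is deliberately an allowlist: an unrecognised selector is reported as unknown rather than assumed safe, which is the same posture a user should take when a wallet prompt shows calldata they cannot read. A real wallet integration would also resolve the target contract address, since `setApprovalForAll` is only meaningful on the collection contract that holds the tokens.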
Rarible, in an email to TechnoidHost, said, “The vulnerability could potentially affect users only in case they deliberately leave Rarible.com for a third-party resource with malicious content, and consciously sign suggested transactions with their wallets. Simply clicking the link is not enough and user interaction and confirmation for transactions is required.”
The company further added, “Despite the fact that Rarible.com users and their funds are not directly affected by the vulnerability, our team is working on enhancing user security even on third-party resources. Rarible has been working closely with multiple cyber security teams including ChainSecurity to proactively ensure a safe experience for the NFT community.”