Check Point discovers security flaw in major NFT marketplace

Check Point Research (CPR) has identified a security flaw in Rarible, an NFT marketplace with over two million active users. If exploited, the vulnerability would have enabled a threat actor to steal a user's NFTs and crypto tokens in a single transaction.


The company's discovery marks the second time its researchers have found security flaws in an NFT marketplace. In October 2021, CPR found security issues in OpenSea, the world's largest NFT marketplace. CPR's research into Rarible began when its researchers witnessed a similar attack on Jay Chou, a famous Taiwanese singer whose NFT was stolen and sold for $500k.


In 2021, Rarible reported over $273 million in trading volume, making it one of the largest NFT marketplaces in the world.


CPR has outlined the attack methodology as follows:


  • The victim receives a link to the malicious NFT, or browses the marketplace and clicks on it.

  • The malicious NFT executes JavaScript code and attempts to send a setApprovalForAll request to the victim.

  • The victim submits the request and grants the attacker full access to the victim's NFTs and crypto tokens.


On April 1, Taiwanese singer Jay Chou was tricked into submitting a transaction that stole his Bored Ape NFT 3738, later sold for $500,000 on the marketplace. CPR became interested because the victim of this method can be any crypto or NFT holder, and the company quickly launched a thorough investigation of Rarible. CPR says its motivation behind the research is to prevent the risk of account takeover and cryptocurrency theft.
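As an added illustration (not Check Point's analysis or Rarible's code), the following Python wallet-side check decodes the calldata of a pending transaction and flags the setApprovalForAll(operator, true) request that the attack chain above asks the victim to sign. The trusted-operator allow-list, the operator addresses and the sample calldata are constructed for this example.

```python
# Added example (not Check Point's or Rarible's code): wallet-side check for setApprovalForAll.
from dataclasses import dataclass
from typing import Optional

# First 4 bytes of keccak256("setApprovalForAll(address,bool)"); same selector for ERC-721 and ERC-1155.
SET_APPROVAL_FOR_ALL_SELECTOR = "a22cb465"
# Hypothetical allow-list of operator contracts the wallet already trusts (constructed address).
TRUSTED_OPERATORS = {"0x" + "11" * 20}

@dataclass
class ApprovalRequest:
    operator: str   # address that would gain control of every token in the collection
    approved: bool  # True grants the operator role, False revokes it

def encode_set_approval_for_all(operator: str, approved: bool) -> str:
    """ABI-encode setApprovalForAll(operator, approved); used here only to build sample calldata."""
    addr = operator.lower()[2:] if operator.lower().startswith("0x") else operator.lower()
    return "0x" + SET_APPROVAL_FOR_ALL_SELECTOR + addr.rjust(64, "0") + ("1" if approved else "0").rjust(64, "0")

def decode_set_approval_for_all(calldata: str) -> Optional[ApprovalRequest]:
    """Return the decoded request if calldata is a setApprovalForAll call, else None."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) != 8 + 2 * 64 or data[:8] != SET_APPROVAL_FOR_ALL_SELECTOR:
        return None
    word_operator, word_flag = data[8:72], data[72:136]
    # An address is right-aligned in its 32-byte word, so the 12 leading bytes must be zero,
    # and a bool must encode as exactly 0 or 1; anything else is malformed calldata.
    if word_operator[:24] != "0" * 24 or int(word_flag, 16) not in (0, 1):
        return None
    return ApprovalRequest("0x" + word_operator[24:], word_flag.endswith("1"))

def assess(calldata: str) -> str:
    """Classify a pending transaction from the signer's point of view."""
    req = decode_set_approval_for_all(calldata)
    if req is None:
        return "not-setApprovalForAll"
    if not req.approved:
        return "revoke"  # removing an operator is the safe direction
    if req.operator in TRUSTED_OPERATORS:
        return "approve-trusted"
    return f"BLOCK: grants unknown operator {req.operator} control of every token in this collection"

# Constructed sample: a malicious page asking the victim to approve an attacker-controlled operator.
MALICIOUS_CALLDATA = encode_set_approval_for_all("0x" + "ab" * 20, True)
```

A wallet or browser extension applying this check would surface the blocking verdict to the user before the signature is produced, which is the step at which the attack described above succeeds.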


The findings build on top of previous research in October 2021, when CPR found critical security flaws in OpenSea, the world's largest NFT marketplace. Left unpatched, the vulnerabilities discovered on OpenSea's platform could allow hackers to hijack user accounts and steal entire cryptocurrency w ..
