Critical vulnerability detected on the Rarible NFT marketplace



Researchers at Check Point have revealed a critical vulnerability in the Rarible NFT marketplace. Rarible is one of the largest NFT marketplaces, and it has more than two million monthly users.

CPR researchers detect a critical vulnerability on Rarible

In a recent blog post, CPR said that, if exploited, this vulnerability would allow a hacker to steal user NFTs and access cryptocurrency wallets through one transaction. This is a critical vulnerability because Rarible is one of the largest NFT marketplaces. In 2021, it reported over $273M worth of trading volumes.

CPR alerted Rarible about this vulnerability on April 5, and Rarible has since patched it. CPR has been researching this type of cyberattack since a renowned Taiwanese musician lost an NFT that was later sold for $500K.

“Victim receives a link to the malicious NFT or browses the marketplace and clicks on it. The malicious NFT executes JavaScript code and attempts to send a setApprovalForAll request to the victim. Victim submits the request and grants full access to this NFT’s/Crypto Token to the attacker.”

CPR has also helped unveil vulnerabilities in other NFT marketplaces. In October last year, the firm detected a vulnerability that could allow attackers to access user accounts and steal cryptocurrency wallets by creating malicious NFTs.


CPR has also issued an advisory to NFT buyers and sellers. The firm has urged people to refrain from trading NFTs with suspicious offers. It urged an in-depth review of any suspicious offer before giving out any form of authorization that could allow a hacker to access their cryptocurrency wallet.
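The review CPR recommends can be partly automated on the wallet side. The following is an added example, not code from CPR or Rarible: it decodes a pending transaction's calldata and flags a setApprovalForAll grant before the user signs. The function names, the allowlist parameter, the verdict labels and the sample addresses are assumptions made for illustration.

```javascript
// Added example (not from the article): decode a pending transaction's calldata
// and flag setApprovalForAll(operator, true) before the user signs it.
const SET_APPROVAL_FOR_ALL = "a22cb465"; // 4-byte selector of setApprovalForAll(address,bool)

// Returns { operator, approved } or null when the calldata is a different call.
function decodeSetApprovalForAll(data) {
  if (typeof data !== "string") return null;
  const hex = data.toLowerCase().replace(/^0x/, "");
  // Selector (8 hex chars) plus two 32-byte ABI words (64 hex chars each).
  if (!/^[0-9a-f]+$/.test(hex) || hex.length < 136) return null;
  if (hex.slice(0, 8) !== SET_APPROVAL_FOR_ALL) return null;
  const operatorWord = hex.slice(8, 72);
  const approvedWord = hex.slice(72, 136);
  return {
    operator: "0x" + operatorWord.slice(24), // address is the low 20 bytes
    approved: /[1-9a-f]/.test(approvedWord), // any non-zero word is treated as true
  };
}

// allowlist: hypothetical set of operator addresses the user already trusts.
function reviewTransaction(tx, allowlist = []) {
  const call = decodeSetApprovalForAll(tx.data);
  if (!call) return { verdict: "pass", reason: "not a setApprovalForAll call" };
  if (!call.approved) return { verdict: "pass", reason: "revokes operator " + call.operator };
  const known = allowlist.map((a) => a.toLowerCase()).includes(call.operator);
  return {
    verdict: known ? "confirm" : "block",
    reason: `grants ${call.operator} control of every token in collection ${tx.to}`,
  };
}

// Constructed sample request: addresses are placeholders, not real contracts.
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const OPERATOR = "0x" + "ab".repeat(20);
const sampleTx = {
  to: "0x" + "11".repeat(20),
  data: "0x" + SET_APPROVAL_FOR_ALL + word(OPERATOR) + word("1"),
};
console.log(reviewTransaction(sampleTx));
```

A grant to an unknown operator is blocked, a grant to an allowlisted operator still asks for confirmation, and a revocation (second argument false) passes.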

Vulnerability of NFT marketplaces

NFTs have become increasingly popular, but so has the risk associated with the sector. NFT marketplaces have become targets for cybercriminals. A month ago, TreasureDAO, an NFT marketplace based on Arbitrum, was breached, and hundreds of NFTs were stolen. The attackers exploited the protocol’s security vulnerability to mint NFTs for free.

OpenSea, the largest NFT marketplace, was also exploited earlier this year. The exploit targeted Bored Ape Yacht Club (BAYC) NFT holders. After a successful exploit, the attacker stole around $750,000 worth of Ether (ETH).
