UPDATE: Rarible has shared an official response with TechRadar Pro:
"Having thoroughly analyzed the report provided by Check Point, our team has come to the conclusion that the identified vulnerability does not directly affect Rarible.com users, their wallets and their data.
The vulnerability could potentially affect users only in case they deliberately leave Rarible.com for a third-party resource with malicious content, and consciously sign suggested transactions with their wallets. Simply clicking the link is not enough and user interaction and confirmation for transactions is required.
Despite the fact that Rarible.com users and their funds are not directly affected by the vulnerability, our team is working on enhancing user security even on third-party resources. Rarible has been working closely with multiple cyber security teams including ChainSecurity to proactively ensure a safe experience for the NFT community.
We encourage users to stay vigilant, and pay attention to the websites they visit and transactions they sign to stay safe."
ORIGINAL STORY: A potentially major security flaw has been discovered on Rarible, a popular marketplace for non-fungible tokens (NFT), which could lead to users losing not just their NFTs, but also the cryptocurrencies right from their wallets.
A report from Check Point Research (CPR) identified a vulnerability that would allow a potential attacker to steal someone’s digital belongings in a single transaction. The worst part is that everything would happen on the marketplace itself, a place people would generally feel less suspicious.
According to CPRs report, the methodology is simple, and includes creating a “malicious NFT”. Should someone stumble upon it, and click on it, the malicious NFT would execute JavaScript code in an attempt to send a setApprovalForAll request to the victim.
Malicious NFTs
In case the victim submits the requests, they’d grant the malicious NFT full access to their endpoint.
“In October last year, we discovered critical security flaws in OpenSea, the world's largest NFT marketplace. Now, we've identified similar vulnerabilities in Rarible,” commented Oded Vanunu, Head of Products Vulnerabilities Research at Check Point Software.
“In terms of security, there is still a huge gap between Web2 and Web3 infrastructure. Any small vulnerability opens a backdoor for cybercriminals to hijack crypto wallets behind the scenes. We are still in a state where marketplaces that combine Web3 protocols are lacking a sound security practice. The implications following a crypto hack can be extreme. We've seen millions of dollars hijacked from users of marketplaces that combine blockchain technologies.”
Last year, Rarible has had more than $273 million in trading volume, making it one of the largest NFT marketplaces on the planet.
The company notified the marketplace of its discovery, and said it “believes Rarible will have deployed a fix by the time of this publication”. We have reached out to Rarible to see if that indeed is the case, and will update the article accordingly.
However, given that it’s Easter weekend, it could be a few days before we hear back from Rarible.
“Users currently need to manage two types of wallets: one for most of their crypto and another just for specific transactions,” Vanunu continued.
“Should the wallet for specific transactions become compromised, users can still be in a position where they don’t lose everything."
