Researchers at cyber security software firm Check Point have identified a vulnerability in the Rarible NFT marketplace. Hundreds of thousands of its roughly two million active monthly users would have lost their NFTs if the hacker had executed it.
Check Point’s Responsible Disclosure
“A successful attack would have come from a malicious NFT within Rarible’s marketplace, itself, where users are less suspicious and familiar with submitting transactions,” noted Check Point Research.
The issue with the “setApprovalForAll” function, part of the NFT EIP-721 standard, is that it gives complete control over the NFT assets to another party. Phishing attacks can be designed to steal the assets of their victims. They can convince them to sign a transaction request that looks like it’s from a legitimate source.
Due to a security issue in Rarible, users could upload media files up to 100MB without checking them for potentially malicious content. Researchers from Check Point exploited this issue by creating an SVG image that contained a malicious JavaScript payload.
The system will execute a code if the target clicks on the NFT image or the IPFS link. Hence, trigger a transaction request in their browser. If the target doesn’t understand the transaction’s details, they may approve the request. It allows the attacker to access their entire collection. The attacker would then use the “transferFrom” action to steal the NFTs and transfer them to their wallet. Note that this action is non-reversible.
The platform CPR notified Rarible about the issue on April 5. The company immediately acknowledged and fixed the problem.
NFT Theft is a Menace
Oded Vanunu, a security researcher at Check Point Software, said that the company became interested in this attack after Taiwanese singer Jay Chou became a victim. Chou’s BoredApe #3738 NFT was swiped via a nefarious transaction at the beginning of February.
“Once we saw that this NFT was stolen, it incentivized us to investigate further,” Vanunu said. He also added that such a vulnerability could be possible on many other platforms. The vulnerability was quickly fixed by Rarible, which removed the option of uploading SVG files. It terminated the malicious NFT attack option, Vanunu added.
According to Vanunu, any user on the platform could have triggered a security flaw. However, he did not estimate how much could have been lost. A similar attack on Arthur Cheong’s wallet resulted in the loss of over $1.86 million. Hence, users should always be diligent when approving requests on NFT platforms. They should also use Etherscan’s request tracker whenever possible.
The Need to Protect Your Assets
It is important to note that this issue is not unique to Rarible, as Check Point discovered a similar flaw on OpenSea last year. The problem with the NFT transaction standard is that it makes it difficult for asset holders to determine their authenticity.
Therefore, you should examine anything you’re requested to sign carefully to ascertain what it involves. Also, avoid signing anything if you are unsure of what it involves. It is recommended that users view their previous token approvals and revoke those that seem fraudulent by using this token approval checker.
Due to the nature of these attacks, they can take longer to complete and can affect the transfer of assets. As blockchain technology continues to evolve, investors need to be more cautious when protecting their assets.
Open Sea is in Trouble
According to two plaintiffs, OpenSea failed to address security vulnerabilities that allowed hackers to steal non-fungible tokens (NFTs). The failure to address these issues caused hundreds of thousands of dollars in damages.
Another user complained that OpenSea puts the onus on its users to protect their NFTs. It comes as the NFT scene continues to be plagued by scams and fraud.
The lawsuits filed against OpenSea by the two plaintiffs could set a precedent regarding the handling of NFT-related claims. In the absence of a centralized authority, the court system will be beneficial in handling these cases.
Source: https://crypto.news/rarible-nft-marketplace-vulnerability-check-point/