Researchers find security flaw in Rarible: Users could have lost all their NFTs

Source: Cointelegraph

Check Point Research found a security issue on Rarible. Malicious actors could send users a dubious link to an NFT that executes JavaScript code that “attempts to send a setApprovalForAll request to the victim.”

According to documents shared with Cointelegraph, Check Point Research recently discovered a security issue on Rarible: malicious actors could send users a dubious link to an NFT that, once clicked, executes JavaScript code that “attempts to send a setApprovalForAll request to the victim.”

“If exploited, the vulnerability would have enabled a threat actor to steal a user's NFTs and cryptocurrency wallets in a single transaction. A successful attack would have come from a malicious NFT within Rarible's marketplace itself, where users are less suspicious and familiar with submitting transactions.”

“Once we saw that this NFT was stolen, it gave us the incentive to investigate further.” Such a vulnerability could also be possible on many other platforms, Vanunu said. “Rarible acknowledged the security flaw quickly and fixed it by removing the SVG file upload option. This terminated the malicious NFT attack option,” Vanunu confirmed.

Vanunu refused to estimate the potential losses the security flaw could have caused, as it could have been “triggered on any user on the platform.” Notably, a similar attack on just a single wallet belonging to DeFiance Capital founder Arthur0x last month resulted in the loss of roughly 600 Ether.

CPR urged users to be diligent any time they approve any requests on NFT platforms and verify all of them.

Cointelegraph has reached out to Rarible for comment on the matter, and will update the story if the company responds.
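One way to verify an approval request before confirming it is to decode the transaction calldata and check whether it is a setApprovalForAll grant to an unfamiliar operator. The sketch below is an added example, not code from Check Point Research, Rarible or Cointelegraph; the function name, the trusted-operator allowlist and the sample addresses are assumptions constructed for illustration.

```javascript
// Added example: classify a wallet request's calldata before it is confirmed.
// Selector = first 4 bytes of keccak256("setApprovalForAll(address,bool)").
const SET_APPROVAL_FOR_ALL = "a22cb465";

// trustedOperators: hypothetical allowlist of marketplace contracts the user
// has verified out of band (lowercase 0x-prefixed addresses).
function inspectCalldata(data, trustedOperators = []) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || !/^[0-9a-f]+$/.test(hex)) {
    return { kind: "unparseable", risk: "review" };
  }
  if (hex.slice(0, 8) !== SET_APPROVAL_FOR_ALL) {
    return { kind: "other", risk: "not-flagged" };
  }
  const args = hex.slice(8);
  // Expect exactly two 32-byte ABI words: left-padded address, then bool.
  if (args.length !== 128 || !/^0{24}/.test(args)) {
    return { kind: "setApprovalForAll", risk: "review" };
  }
  const operator = "0x" + args.slice(24, 64);
  const approved = BigInt("0x" + args.slice(64)) !== 0n;
  let risk;
  if (!approved) risk = "low"; // revokes an existing collection-wide approval
  else if (trustedOperators.includes(operator)) risk = "known-operator";
  else risk = "high"; // unknown operator may move every token held in that collection
  return { kind: "setApprovalForAll", operator, approved, risk };
}

// Constructed samples: operator 0x1111...1111 is a placeholder, not a real contract.
const SAMPLE_OPERATOR = "0x" + "11".repeat(20);
const SAMPLE_GRANT =
  "0x" + SET_APPROVAL_FOR_ALL + "0".repeat(24) + "11".repeat(20) + "0".repeat(63) + "1";
const SAMPLE_REVOKE = SAMPLE_GRANT.slice(0, -1) + "0";

console.log(inspectCalldata(SAMPLE_GRANT));
console.log(inspectCalldata(SAMPLE_GRANT, [SAMPLE_OPERATOR]));
console.log(inspectCalldata(SAMPLE_REVOKE));
```

A "high" result means the request would hand an operator outside the allowlist control over all of the signer's tokens in that collection, which is the kind of request the article advises checking before approval.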
