NFT: Could you lose everything because of this critical bug? Back to the rare failure

A danger to your NFTs – Rarible is a buying and selling platform NFT† It attracts more than a thousand users every month and recorded a volume of $270 million in 2021. However, this success could have turned sour after the presence of a critical vulnerability on the platform.

Critical Vulnerability on Rarible

Last week, the cybersecurity firm checkpoint released a report on a vulnerability discovered on the Rarible platform

It all started after an attack on Taiwanese singer Jay Chou. He had indeed stolen his BoredApe #3738 as part of a fraudulent transaction.

This episode prompted Check Point to investigate. For once, the theft of the NFT could be carried out, because Jay Chou was a transaction authorizing access to its NFTs

In practice, it signed a transaction that executes the function setApprovalForAllAllows you to define access rights for tokens or NFTs. Normally, it is widely used by platforms like Rarible to sell token.

However, many attackers manage to get a setApprovalForAll to their victims. This allows them to take control of their NFTs later on. Typically, attackers use phishing techniques to trick their victims. This one was recently the case on OpenSea† In the Rarible setting, the attack was much more advanced.

>> Worried that your wallet will be hacked? Prioritize security and register with Swissborg! (affiliate link) <

When NFTs Lead the Attack

During their investigation, the teams at Check Point attempted several manipulations before discovering a critical vulnerability on Rarible.

Thus, Rarible allows its users to upload different types of files with PNG, GIF, SVG, MP4, WEBM or MP3 extensions.

However, Check Point realized that it… possible to embed JavaScript code in SVG images† Once the image is posted on Rarible, the malicious code embedded in the image has to wait for the victims.

“Clicking on the art and opening it in another tab, or clicking the IPFS link in the drop-down list will run the JavaScript code.

checkpoint

In practice, the code retrieves the list of NFTs owned by the user. Then it will loop on these NFTs and send type of transactions setApprovalForAll for collections considered interesting by the attacker.

For its part, the user is notified of a pending transaction. Unfortunately, if the user is unlucky enough to mechanically sign this transaction, it will seal the fate of their NFTs and allow the attacker to take control of them.

Rare, only victim?

Naturally, the Check Point teams quickly shared their findings with those of Rarible. This was followed by the release of a patch to correct the vulnerability.

While there is no estimate of the magnitude this vulnerability could have had in terms of losses, Check Point emphasizes that the could have affected any Rarible user

In addition, Check Point does not rule out that such a vulnerability present on other NFT selling platforms

Faced with this threat, Check Point recalls some best practices to protect against this type of attack:

  • Carefully examine each signature request from your wallet;
  • When in doubt, decline the request to take the time to investigate further;
  • Regularly revoke your wallet approvals through the Etherscan interface.

Earlier in the year, a first vulnerability was discovered on OpenSea† This had resulted in the loss of several hundred NFTs, the total value of which was over 300 ETH.

On Rarible, as on other DeFi platforms, be careful and use good security practices. If this scares you, opt for exchanges that have proven themselves. Log in to Swissborg and take advantage of an exceptional bonus up to €200 in cryptocurrencies (affiliate link, for a minimum deposit of €50)!

Leave a Comment