Critical security flaw discovered in NFT marketplace Rarible
Researchers have identified a security flaw in NFT marketplace Rarible that could have led to the theft of crypto wallets. If exploited, the vulnerability would have enabled a threat actor to steal a user’s NFTs and cryptocurrency wallets in a single transaction. Researchers at CheckPoint said that a successful attack would have come from a malicious NFT within Rarible’s marketplace, where people are less suspicious and familiar with submitting transactions. For context, the platform reported $273 million trading volume last year and boasts over two million monthly active users – making it one of the largest NFT marketplaces in the world. The findings were immediately disclosed to Rarible on April 5, which acknowledged the security flaw. Check Point said it believes that the company will have deployed a fix by the time of publication. “CPR has invested significant resources in examining the intersection of crypto and security,” commented Oded Vanunu, head of Products Vulnerabilities Research at Check Point Software. “We still continue to see large efforts by cyber criminals to try and heist big profits from cryptocurrency, especially NFT marketplaces.