Another top NFT marketplace may have a serious security flaw
Date:
Fri, 15 Apr 2022 19:33:02 +0000
Description:
Rarible, one of the world's biggest NFT marketplaces, was found to have a major security vulnerability
FULL STORY ======================================================================
A potentially major security flaw has been discovered on Rarible, a popular marketplace for non-fungible tokens (NFTs), which could lead to users losing not just their NFTs, but also the cryptocurrencies right from their wallets.
A report from Check Point Research (CPR) identified a vulnerability that would allow a potential attacker to steal someone's digital belongings in a single transaction. The worst part is that everything would happen on the marketplace itself, a place where people would generally feel less suspicious.
According to CPR's report, the methodology is simple, and includes creating a malicious NFT. Should someone stumble upon it, and click on it, the malicious NFT would execute JavaScript code in an attempt to send a setApprovalForAll request to the victim.
Malicious NFTs
In case the victim submits the request, they'd grant the malicious NFT full access to their endpoint.
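A check a wallet or signing proxy could run on the request described above, as an added example that is not taken from CPR's report or from Rarible's code: it decodes the raw calldata and flags setApprovalForAll(address,bool) calls that hand an unknown operator control of a whole collection. The allowlist, addresses and sample requests are constructed for illustration.

```javascript
// 4-byte selector of setApprovalForAll(address,bool) (ERC-721 / ERC-1155).
const SET_APPROVAL_FOR_ALL = "a22cb465";

// Hypothetical allowlist of operator contracts the user already trusts.
const TRUSTED_OPERATORS = new Set(["0x" + "1".repeat(40)]); // constructed

function inspectRequest(tx) {
  const data = String(tx.data || "").toLowerCase().replace(/^0x/, "");
  if (!data.startsWith(SET_APPROVAL_FOR_ALL)) {
    return { verdict: "not-approval" };
  }
  // Exactly two 32-byte ABI words must follow: operator address, then bool.
  const args = data.slice(8);
  if (!/^[0-9a-f]{128}$/.test(args)) {
    return { verdict: "malformed" };
  }
  const operatorWord = args.slice(0, 64);
  const approvedWord = args.slice(64);
  // Addresses are left-padded with 12 zero bytes; a bool is 0 or 1.
  if (!/^0{24}/.test(operatorWord) || !/^0{63}[01]$/.test(approvedWord)) {
    return { verdict: "malformed" };
  }
  const operator = "0x" + operatorWord.slice(24);
  const collection = String(tx.to || "").toLowerCase();
  if (approvedWord.endsWith("0")) {
    return { verdict: "revocation", operator, collection };
  }
  // approved == true: the operator may move every token the signer
  // holds in this collection, so an unknown operator deserves a warning.
  const verdict = TRUSTED_OPERATORS.has(operator) ? "allowlisted" : "warn";
  return { verdict, operator, collection };
}

// Constructed sample requests (no real contracts or wallets).
const word = (hex) => hex.padStart(64, "0");
const COLLECTION = "0x" + "c".repeat(40);
const UNKNOWN_OPERATOR = "2".repeat(40);
const SAMPLE_GRANT = {
  to: COLLECTION,
  data: "0x" + SET_APPROVAL_FOR_ALL + word(UNKNOWN_OPERATOR) + word("1"),
};
const SAMPLE_REVOKE = {
  to: COLLECTION,
  data: "0x" + SET_APPROVAL_FOR_ALL + word(UNKNOWN_OPERATOR) + word("0"),
};

console.log(inspectRequest(SAMPLE_GRANT), inspectRequest(SAMPLE_REVOKE));
```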
"In October last year, we discovered critical security flaws in OpenSea, the world's largest NFT marketplace. Now, we've identified similar vulnerabilities in Rarible," commented Oded Vanunu, Head of Products Vulnerabilities Research at Check Point Software.
"In terms of security, there is still a huge gap between Web2 and Web3 infrastructure. Any small vulnerability opens a backdoor for cybercriminals to hijack crypto wallets behind the scenes. We are still in a state where marketplaces that combine Web3 protocols are lacking a sound security practice. The implications following a crypto hack can be extreme. We've seen millions of dollars hijacked from users of marketplaces that combine blockchain technologies."
Last year, Rarible had more than $273 million in trading volume, making it one of the largest NFT marketplaces on the planet.
The company notified the marketplace of its discovery, and said it believes Rarible will have deployed a fix by the time of this publication. We have reached out to Rarible to see if that indeed is the case, and will update the article accordingly.
However, given that it's Easter weekend, it could be a few days before we hear back from Rarible.
"Users currently need to manage two types of wallets: one for most of their crypto and another just for specific transactions," Vanunu continued.
"Should the wallet for specific transactions become compromised, users can still be in a position where they don't lose everything."
======================================================================
Link to news story:
https://www.techradar.com/news/another-top-nft-marketplace-may-have-a-serious-security-flaw/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)