A major vulnerability in the Rarible NFT marketplace was identified and addressed



A dangerous vulnerability has been discovered and neutralized in the Rarible NFT marketplace. The flaw was serious enough that some users could have lost all of their NFTs had an attack succeeded. Investigations show that the attack would be carried out with the help of a malicious NFT on the Rarible marketplace itself.

According to Cointelegraph, the research division of Check Point, a cybersecurity software company, said it had identified a vulnerability in the Rarible NFT marketplace that threatens the security of the assets of the marketplace's 2 million monthly active users and could cause any user to lose their NFTs in a single transaction.

Check Point is a multinational IT security company founded in 1993. The company says that in October 2021 (October 1400) it also identified dangerous vulnerabilities in the OpenSea NFT marketplace.

According to Check Point experts, attackers send users a link to an NFT, and when the user clicks the link, JavaScript code is executed that attempts to send a `setApprovalForAll` request to the victim. If the request is approved, the thieves gain control over the accounts in the Rarible users' wallets.

According to Check Point, Rarible was immediately alerted to the vulnerability on April 5, and the platform immediately acknowledged the security flaw.


If attackers were able to exploit this vulnerability, they could take complete control of the wallets of the platform's users and steal their NFTs in a single transaction. The attack could have been delivered through a malicious NFT on the marketplace itself, making users less suspicious.

NFT theft

Oded Vanunu, head of product vulnerability research at Check Point, said he and his team became interested in investigating this kind of fraud after Taiwanese singer Jay Chou fell victim to it. The singer's non-fungible token number 3738 was stolen through a malicious transaction. After that theft, Vanunu and his team were more motivated to investigate such vulnerabilities. According to him, this kind of abuse of security flaws can happen on many other platforms.

Rarible quickly confirmed the security flaw and removed the option to upload an "SVG" file, thus blocking the malicious NFT attack.

Vanunu declined to estimate the potential value of the theft that this security flaw could have enabled, as the attack could have targeted any user of the platform. A similar attack on just one wallet, owned by DeFiance Capital founder Arthur0x, resulted last month in the loss of nearly 600 ether ($1.86 million).

The security company called on users of NFT trading platforms to be careful when approving requests and, when in doubt, to verify them by tracking the requests on Etherscan.
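One way to check an approval request before confirming it, as an added example that is not part of the original article or of Check Point's research: decode the raw transaction calldata and flag a `setApprovalForAll` call that grants an operator rights over every token the signer holds in a collection. The function name `inspectApproval` and the sample operator address are constructed for illustration; `0xa22cb465` is the standard selector for `setApprovalForAll(address,bool)`.

```javascript
// Added example: classify raw transaction calldata before signing.
// 0xa22cb465 is the 4-byte selector of setApprovalForAll(address,bool),
// the function defined by the ERC-721 and ERC-1155 token standards.
const SET_APPROVAL_FOR_ALL = "a22cb465";

function inspectApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { kind: "invalid" };
  }
  if (hex.slice(0, 8) !== SET_APPROVAL_FOR_ALL) {
    return { kind: "other", selector: "0x" + hex.slice(0, 8) };
  }
  // Two ABI-encoded arguments follow, each padded to 32 bytes (64 hex chars).
  const args = hex.slice(8);
  if (args.length !== 128) {
    return { kind: "malformed", reason: "expected exactly two 32-byte arguments" };
  }
  const operatorWord = args.slice(0, 64);
  const approvedWord = args.slice(64);
  // An address occupies the low 20 bytes; the high 12 bytes must be zero.
  if (!/^0{24}/.test(operatorWord)) {
    return { kind: "malformed", reason: "operator is not a clean 20-byte address" };
  }
  // A bool must be encoded as exactly 0 or 1.
  if (!/^0{63}[01]$/.test(approvedWord)) {
    return { kind: "malformed", reason: "approved flag is not a clean bool" };
  }
  const approved = approvedWord.endsWith("1");
  return {
    kind: "setApprovalForAll",
    operator: "0x" + operatorWord.slice(24),
    approved,
    // Granting approval hands the operator every token of this collection
    // held by the signer; revoking (approved = false) is the safe direction.
    risk: approved ? "high" : "low",
  };
}

// Constructed sample: the operator address is a placeholder, not a real account.
const SAMPLE_OPERATOR = "1111111111111111111111111111111111111111";
const sampleGrant = "0x" + SET_APPROVAL_FOR_ALL +
  "0".repeat(24) + SAMPLE_OPERATOR + "0".repeat(63) + "1";
console.log(inspectApproval(sampleGrant));
```

A result with `risk: "high"` means the request should be rejected unless the operator address is a contract the user deliberately intends to trust with the whole collection.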

The post "A major vulnerability in the Rarible NFT market was discovered and fixed" first appeared on Digital Currency.
