NFT: could you have lost everything because of this critical bug? A look back at the Rarible flaw

A danger to your NFTs – Rarible is a platform for buying and selling NFTs. It attracts more than a thousand users each month and recorded $270 million in volume in 2021. However, this success could have turned sour because of a critical vulnerability on the platform.

Critical Vulnerability on Rarible

Last week, the cybersecurity company Check Point published a report on a vulnerability discovered on the Rarible platform.

It all started with an attack on Taiwanese singer Jay Chou, who had his Bored Ape #3738 stolen in a fraudulent transaction.

This episode prompted Check Point to investigate. In this case, the theft was possible because Jay Chou had signed a transaction authorizing access to his NFTs.

In practice, he signed a transaction calling the setApprovalForAll function, which grants a third party (the operator) permission over all of the owner's tokens in a collection. It is widely used by platforms such as Rarible to carry out token sales.

However, many attackers manage to get their victims to sign a setApprovalForAll, which then gives them control over the victims' NFTs. Usually, attackers rely on phishing to trick their targets, as was recently the case on OpenSea. In the Rarible case, the attack was much more sophisticated.


When NFTs Lead the Attack

While conducting their investigation, the Check Point teams tried various manipulations before detecting a critical vulnerability on Rarible.

Rarible allows its users to upload files with PNG, GIF, SVG, MP4, WEBM or MP3 extensions.

However, Check Point realized that it was possible to embed JavaScript code in SVG images. Once such an image is posted on Rarible, the malicious code embedded in it only has to wait for its victims.

“Clicking on the art and opening it in another tab, or clicking on the IPFS link in the drop-down list, the JavaScript code will be executed.”

Check Point

In practice, the code retrieves the list of NFTs held by the user. It then loops over these NFTs and sends setApprovalForAll transactions for the collections the attacker considers interesting.

On their side, the user is only notified of a pending transaction. If they have the misfortune to sign it mechanically, that seals the fate of their NFTs and allows the attacker to take control of them.
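As an added example (not Check Point's or Rarible's code), here is the kind of server-side check a platform could run on SVG uploads before publishing them: it flags the `<script>` elements, event-handler attributes and `javascript:` URLs that make such a file executable when a visitor opens it directly. The sample SVGs and the `run()` name are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Elements that can carry or wrap script; <foreignObject> can embed HTML.
SCRIPT_ELEMENTS = {"script", "foreignobject"}


def _local(name: str) -> str:
    """Strip an XML namespace such as '{http://www.w3.org/2000/svg}' and lowercase."""
    return name.rsplit("}", 1)[-1].lower()


def svg_findings(svg_text: str) -> list[str]:
    """Return the reasons this SVG should be rejected (empty list if none).

    A file that is not well-formed XML is reported as a finding too: an
    upload the parser cannot understand is not accepted either.
    """
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in SCRIPT_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr)  # also maps xlink:href to 'href'
            if name.startswith("on"):
                findings.append(f"event handler attribute {name} on <{tag}>")
            # The XML parser has already decoded character references, so
            # an obfuscated '&#106;avascript:' is compared in decoded form.
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(f"javascript: URL in {name} on <{tag}>")
    return findings


def is_safe_svg(svg_text: str) -> bool:
    return not svg_findings(svg_text)


# Constructed sample of the pattern the article describes: script inside an SVG.
MALICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="run()">
  <script>/* constructed placeholder body, no real payload */</script>
  <a xlink:href="javascript:run()"><text x="10" y="20">art</text></a>
</svg>"""

# Constructed benign sample: plain vector art, no scripting surface.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="#09f"/>
</svg>"""
```

Rejecting such files at upload time complements serving user content from a separate origin, since a browser runs the scripts in an SVG when the file is opened directly in a tab but not when it is displayed through an `<img>` tag.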

Rarible, the only victim?

Naturally, the Check Point teams quickly shared their findings with Rarible's teams. A patch correcting the vulnerability followed.

Although there is no estimate of the losses this vulnerability could have caused, Check Point stresses that it could have affected any Rarible user.

Additionally, Check Point does not rule out the possibility that such a vulnerability could be present on other NFT sales platforms.

Faced with this threat, Check Point recalls some best practices to protect against this type of attack:

  • Carefully examine each signature request from your wallet;
  • If in doubt, reject the request so you can take the time to examine it in more detail;
  • Frequently revoke your wallet approvals through Etherscan's interface.

Earlier in the year, a first vulnerability was discovered on OpenSea. It led to the loss of several hundred NFTs, with a total value exceeding 300 ETH.

On Rarible, as on other DeFi platforms, stay careful and apply good security practices.
