A technical vulnerability, if exploited, would allow attackers to steal NFTs and cryptocurrencies in just one transaction
Users of the NFT marketplace Rarible are vulnerable to JavaScript attacks that can lead to the theft of not only digital collectibles but also cryptocurrencies. Researchers from the IT company Check Point reported this on their blog.
According to the published information, attackers send Rarible users links that supposedly lead to NFT tokens. When the victim views the token, JavaScript code runs, and the scammers use it to request execution of the “setApprovalForAll” function. If the victim gives permission, the attackers can steal all the assets from the wallet in just one transaction. According to Check Point, Rarible management has already closed the vulnerability.
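A wallet or monitoring tool can recognise this request before it is signed. The following is an added example, not code from Check Point's write-up or from Rarible: it decodes raw transaction calldata and flags “setApprovalForAll” grants to operators outside an allowlist. The allowlist, the addresses and the risk labels are assumptions made for the illustration.

```javascript
// Added example: classify raw calldata before the wallet asks the user to sign.
// 0xa22cb465 is the 4-byte selector of setApprovalForAll(address,bool) (ERC-721 / ERC-1155).
const SET_APPROVAL_FOR_ALL = "a22cb465";

// Hypothetical allowlist of operators the user already trusts (constructed address).
const TRUSTED_OPERATORS = new Set(["0x1111111111111111111111111111111111111111"]);

function inspectCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || !/^[0-9a-f]+$/.test(hex)) return { kind: "invalid", risk: "block" };
  if (hex.slice(0, 8) !== SET_APPROVAL_FOR_ALL) return { kind: "other", risk: "unknown" };

  // Arguments are two 32-byte ABI words: operator address, then the bool flag.
  const operatorWord = hex.slice(8, 72);
  const approvedWord = hex.slice(72, 136);
  const wellFormed =
    approvedWord.length === 64 &&
    /^0{24}[0-9a-f]{40}$/.test(operatorWord) && // address is right-aligned, top 12 bytes zero
    /^0{63}[01]$/.test(approvedWord);           // bool must encode exactly 0 or 1
  if (!wellFormed) return { kind: "malformed-approval", risk: "block" };

  const operator = "0x" + operatorWord.slice(24);
  const approved = approvedWord.endsWith("1");
  let risk;
  if (!approved) risk = "low";                    // revoking an operator
  else if (TRUSTED_OPERATORS.has(operator)) risk = "review";
  else risk = "high";  // unknown operator would control all of the caller's tokens in that contract
  return { kind: "setApprovalForAll", operator, approved, risk };
}

// Constructed sample inputs (not captured from a real transaction).
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const encode = (operator, flag) => "0x" + SET_APPROVAL_FOR_ALL + word(operator) + word(flag);
const UNKNOWN = "0x2222222222222222222222222222222222222222";
const SAMPLES = {
  grantUnknown: encode(UNKNOWN, "1"),
  grantTrusted: encode("0x1111111111111111111111111111111111111111", "1"),
  revoke: encode(UNKNOWN, "0"),
  truncated: "0x" + SET_APPROVAL_FOR_ALL + word(UNKNOWN),
};

for (const [name, data] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(inspectCalldata(data)));
}
```

Malformed or truncated approval calldata is reported as "block" rather than passed through, so the check fails closed.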
The editors have already written about a similar theft scenario. At that time, it was reported that a user of the OpenSea marketplace was hit. As part of the attack, the attackers stole and resold NFTs worth 200 ETH.
The editors also reported that several lawsuits were filed against OpenSea over the trading platform's failure to prevent the unauthorized sale of NFTs. According to the victims' legal representatives, the attackers took advantage of a vulnerability in the OpenSea security system to lower the price of the NFTs and later resell the tokens to third parties. At the same time, the site's security team did nothing to stop the scammers.
In November, both marketplaces came under fire for political censorship. A cartoonist working under the pseudonym Stonetoss accused the non-fungible token (NFT) marketplaces OpenSea and Rarible of political censorship after the platforms removed his $1.8 million collection of tokens from their listings.