"Researchers Find Security Flaw in Rarible: Users Could Have Lost All Their NFTs"
Researchers at Check Point have identified a vulnerability in the Rarible Non-Fungible Token (NFT) marketplace, which could have resulted in nearly two million active users losing their NFTs in one transaction. An NFT is defined as a unit of data stored on a form of digital ledger, called a blockchain, which can be sold and traded. According to the researchers, threat actors could send a malicious link to users that takes them to an NFT that executes JavaScript code. This code tries to send a setApprovalForAll request to the victim. If the user clicks the link, they grant full access to their wallets on Rarible. Following the disclosure of the security flaw on April 5, the platform fixed it by removing the Scalable Vector Graphics (SVG) file upload option, which terminated the malicious NFT attack option. The exploitation of the vulnerability could have allowed a malicious actor to steal a user's NFTs and cryptocurrency wallets in a single transaction. A successful attack could have been launched from a malicious NFT in the Rarible marketplace, where users are not very suspicious and familiar with submitting transactions. This article continues to discuss the discovery and potential impact of the critical security flaw in the Rarible NFT marketplace.