The skepticism has allowed the theft of wallets in one of the world’s largest NFT markets

Massive offense in Rarible, one of the largest NFT stores in the world, could allow consumers to steal photos and wallets. The negative involves interfering with sending bad signals to the victim by creating a malfunction in the service, resulting in an authorization that allows a third party to control the assets. at the user registration of the platform.

The opening was discovered by security experts at Check Point after Taiwanese singer Jay Chou fell victim to fraud, resulting in the fall of NFT from the popular Bored Ape Yacht. Club sau. The images were later resold at the store for $ 500,000, leading experts to inspect the Rarible and find defects, which could affect other owners of the tokens.

The attack was caused by malicious NFTs that could be created by hackers in the online store itself. By linking to a phishing attack or by searching directly, the victim can have direct contact with the file, which completes the JavaScript code and asks the victim for a release. cai; If approved, fraudsters could gain access to a user’s wallet, trigger money laundering, theft of information and sale of tokens.

When we talk about trade with more than two million consumer devices per month and more than US $ 273 million (almost R $ 1.3 billion in current exchange) in 2021, the opening takes on a new world of gravity. The platform is also attractive for providing up to 50% revenue to NFT owners, in the event of a sale in the secondary market, and reports on its regular use. of users who are less skeptical and more familiar with the industry in this segment.

Marketplace Rarible has a well-designed design that allows users to steal NFTs and wallets; The hole was supposedly patched before being exploited en masse by criminals (Image: Reproduction / Check Point)

Details of the failure to release were not released, as Rarible was aware of the problem and was already using mitigation measures to keep the breach non-existent. The Check Point report of the case does not address the use of malicious force, meaning that it was not widely used by cybercriminals before the patch.

“We continue to see efforts by fraudsters to benefit from digital services, especially in the NFT industry, where the impact can be severe,” he said. said Oded Vanunu, Director of Chemical Research at Check Point. According to him, increased integration of cryptocurrencies and security is one of the focus on the training of current professionals, mainly focused on greater knowledge and lower risk of loss. when successful.

To avoid this kind of scam, the recommendation is that users be careful with commercial and NFT attachments. It is important to ensure the authenticity of the tokens provided before authorization and contact support if necessary, while also keeping a good face for the already authorized tokens that come. can lead to serious violence.

Source: Checkpoint

Leave a Comment