Check Point, an Israeli multinational technology security company, said it had identified a security flaw in the Rarible NFT trading platform. With over two million monthly active users, the platform is OpenSea’s main rival.
According to the company, the flaw has not yet been exploited by any hackers. If it were, an attacker could gain access to a user’s NFTs and cryptocurrency wallet, all in a single transaction.
Rarible platform security flaw
Rarible users traded $273 million in 2021, but Check Point mentioned that users of the platform are “less suspicious and familiar with presenting transactions.”
According to the company, the problem involves sending the victim a malicious link that poses as Rarible’s official website. The link, however, carries a malicious program that invades the wallet.
The attack claimed Taiwanese singer Jay Chou as a victim; his NFTs were allegedly stolen and sold for $500,000 on April 5. This caught the attention of Check Point, which decided to investigate the situation.
The company then reported the case to the Rarible team, who analyzed and acknowledged the flaw. The problem was fixed immediately.
Interestingly, the company also detected security vulnerabilities in OpenSea last October that carried the same risk. Four months later, OpenSea did indeed suffer an attack.
Finally, Check Point cautioned users to be careful when receiving access requests. “If the request looks suspicious, it should be rejected. Do not provide any type of information from your wallet,” the company warned.
Official statement from Rarible:
Having thoroughly analyzed the report provided by Check Point, our team has come to the conclusion that the identified vulnerability does not directly affect Rarible.com users, their wallets and their data.
The vulnerability could potentially affect users only in case they deliberately leave Rarible.com for a third-party resource with malicious content, and consciously sign suggested transactions with their wallets. Simply clicking the link is not enough and user interaction and confirmation for transactions is required.
Despite the fact that Rarible.com users and their funds are not directly affected by the vulnerability, our team is working on enhancing user security even on third-party resources. Rarible has been working closely with multiple cyber security teams including ChainSecurity to proactively ensure a safe experience for the NFT community.
We encourage users to stay vigilant, and pay attention to the websites they visit and transactions they sign to stay safe.