Check Point, a multinational cyber security firm, discovered a security gap in the renowned non-fungible tokens’ trading platform, Rarible. The cyber security outfit asserted that an entry through the crack could allow someone to steal an account’s entire virtual assets with a single deal.
Rarible, which hosts more than two million in-use accounts, reportedly supervised deals worth over 272 million USD in 2021. Check Point notes that the NFT marketplace thus had sufficient credibility with reasonably confident users trading on the platform.
The cyber security company’s expert informed Rarible of the flaw on the 5th of April, after which the marketplace confirmed the gap and immediately addressed it. Check Point’s researchers outlined the potential route of an attack, highlighting different steps of the process.
Whenever a potential victim clicks on a harmful non-fungible token, the NFT undertakes a code that essentially asks the victim to give access to their digital wallets. Once the potential victim approves access to their wallet, the attacker has the chance to execute his plans with the individual’s assets.
Check Point reportedly started paying attention to potential cyber security threats after attackers hacked the wallet of a renowned celebrity in Taiwan. Further investigation revealed that the thieves later sold the actor’s non-fungible tokens for 500,000 USD.
Incidentally, the cyber security organization also noticed severe security gaps on another trading marketplace called OpenSea in October 2021. The firm’s investigation said that a breach could grant hackers full access to all wallets on the platform.
Check Point urged owners of non-fungible tokens to be security conscious when considering cryptocurrency-related products and services online. Whenever a link shows symptoms of being unusual or malicious, the firm counsels virtual asset owners to reject it and subject it to additional criticism before giving any approvals.
Increasing Spate of Cyber-attacks on NFT Trading Platforms
Rarible’s situation comes shortly after TreasureDAO, another NFT trading platform, lost hundreds of NFTs in a group of Internet deals. The hackers reportedly breached a security gap in the system, which allowed them to curate NFTs without charge.
A hacker also reportedly exploited specific accounts on OpenSea in January. The reports say that the malicious individual stole ETH worth about 750,000 USD from the funds.
The US Links North Korean Hacker to Axie Infinity’s Historic Crypto Breach
In another more recent development, Axie Infinity, a play-to-earn game, lost over 600k USD to a security breach last month, which reports say is one of the cryptocurrency world history’s most enormous losses. The situation has raised significant concerns about the reliability of virtual assets from different individuals and organizations.
However, the US Treasury linked malicious individuals in North Korea to the event. Nobody has yet publicly allotted blame for the breach. But US observers said that a North Korean hacker named “Lazarus” controls one of the recipient crypto addresses in the breach.
“Lazarus” gained popularity in 2014 when it reportedly hacked a venture belonging to Sony. Investigations also linked him to another series of “WannaCry” attacks which breached the assets of financial institutions and client accounts of foreign countries.