Malicious actors could exploit a now-addressed vulnerable in the Rarible NFT marketplace
to take over accounts and steal cryptocurrency assets, reports The Hacker News.
Check Point researchers
revealed that users could be lured into clicking malicious NFTs to gain cryptocurrency wallet control and exfiltrate funds.
"There is still a huge gap between, in terms of security, between Web2 and Web3 infrastructure. Any small vulnerability can possibly allow cybercriminals to hijack crypto wallets behind the scenes. We are still in a state where marketplaces that combine Web3 protocols are lacking from a security perspective. The implications following a crypto hack can be extreme," said Check Point Products Vulnerabilities Research Head Oded Vanunu.
Meanwhile, Rarible said that only users who leave the site for a malicious third-party and use their wallets to sign suggested transactions could be impacted by the bug.
"Simply clicking the link is not enough and user interaction and confirmation for transactions is required. We encourage users to stay vigilant, and pay attention to the websites they visit and transactions they sign to stay safe," Rarible said.