Magic Eden has become the latest victim of an exploit, leading to the listing and sale of fake NFTs via the platform. A total of 25 fraudulent non-fungible tokens (NFTs) were purchased by unsuspecting buyers. The NFT marketplace says it will compensate the victims of this scam, taking responsibility of this exploit where internal systems of the marketplace were violated. The issue was spotted by members of the NFT community on Wednesday, after which the service disabled the affected features and added an extra verification step to prevent similar types of attacks.
Popular NFT platform Magic Eden recently updated some of the features on its service. Scammers managed to breach the platform after the update and listed these fake NFTs alongside genuine ones on the platform.
These fake NFTs were added as part of four existing collections — which include y00ts and ABC.
The exploit transpired over the course of 24 hours and was identified by the members of the NFT community on January 4.
Do not buy these @y00tsNFT on @MagicEden, they are fake!
Basically, every single collection is fake on Magiceden, a massive exploit is happening ongoing.
High-value NFTs are suffering the most, as attackers choose to exploit higher-value NFTs first. pic.twitter.com/35RYHOKVxd
— HGE.SOL :abc::male_mage: (@HGESOL) January 4, 2023
There is an easy way to check if the NFT is real or not. Just check the information link. Fake NFT’s refer to a fake collection pic.twitter.com/dq6ifWEYdD
— S◎L Shiva :handshake: (@Aditozz) January 4, 2023
Soon after, Magic Eden admitted that its systems, were indeed violated. “These unverified NFTs showed up on the collection pages and transactions of unverified NFTs showed up in the activity tabs of the collections. The technical explanation is that our activity indexer for our Snappy Marketplace and Pro Trade tools did not check that the creator address is verified,” the marketplace for digital collectibles wrote in an explanatory post
Earlier today, unverified NFTs were being shown as part of verified collections on ME. In the last day, impact was contained to 25 unverified NFTs sold in 4 collections.
We’ve resolved the issue and will refund those affected. Now, no one can buy unverified NFTs on ME.
— Magic Eden :magic_wand: (@MagicEden) January 4, 2023
Magic Eden, which was launched last year, disabled the affected features and added an extra verification step to prevent similar types of attacks.
On January 3, visitors of the Solana-based platform were greeted by unsavoury images being displayed on screen.
The pages for some NFT collections on Magic Eden flashed pornographic visuals and stills from the popular American sitcom The Big Bang Theory in the place of the NFT thumbnails.
Many thought this was a hack attack on Magic Eden before the platform came forward and disclosed that its third-party image hosting platform was compromised.
Hey guys our image provider, a 3rd party service we use to cache images, was compromised. Your NFTs are safe and Magic Eden has not been hacked. Unfortunately you might’ve seen some um, unsavory images. Make sure you do a hard refresh on your browser to fix it.
— Magic Eden :magic_wand: (@MagicEden) January 3, 2023
The NFT sector has remained a target for malicious scammers throughout 2022. A report by Slowmist had claimed recently that North Korea’s notorious Lazarus Group, infamous for triggering cyber-attacks, have launched around 500 phishing domains to dupe NFT buyers.
In the last week of December, anti-theft platform Harpie had said that a new kind of scam is targeting OpenSea visitors, that offers ‘gasless sales’ on the platform and eventually redirects the victims to phishing sites.
Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2023 hub.