Magic Eden has become the latest victim of an exploit that led to the listing and sale of fake NFTs through the platform. A total of 25 fraudulent non-fungible tokens (NFTs) were purchased by unsuspecting buyers. The NFT marketplace says it will compensate the victims of this scam and take responsibility for this exploit in which internal systems of the marketplace were breached. The issue was discovered on Wednesday by members of the NFT community, after which the service disabled the affected features and added an additional verification step to prevent similar types of attacks.
Popular NFT platform Magical Eden recently updated some of the features of its service. cheater managed to break the platform after the update and listed these fake NFTs alongside real ones on the platform.
These fake NFTs were added as part of four existing collections – including y00ts and ABC.
The exploit happened over the course of 24 hours and was identified by NFT community members on January 4th.
Don’t buy these @y00tsNFT on @MagicEdenthey are fake!
Basically every single collection on Magiceden is fake, massive exploit is taking place.
High-value NFTs suffer the most as attackers choose to exploit higher-value NFTs first. pic.twitter.com/35RYHOKVxd
— HGE.SOL :abc::male_mage: (@HGESOL) January 4, 2023
There is an easy way to verify whether the NFT is genuine or not. Just check the information link. Fake NFTs refer to a fake collection pic.twitter.com/dq6ifWEYdD
— S◎L Shiva: Handshake: (@Aditozz) January 4, 2023
Soon after, Magic Eden admitted that its systems were indeed breached. “These unverified NFTs were showing up on collection pages and transactions from unverified NFTs were showing up in collection activity tabs. The technical explanation is that our activity indexer for our Snappy Marketplace and Pro Trade tools did not check if the creator’s address is verified,” the digital collectibles marketplace wrote in one explanatory post
Earlier today, unverified NFTs were showing up as part of verified collections on ME. On the final day, influence was limited to 25 unverified NFTs sold across 4 collections.
We’ve fixed the issue and are refunding the purchase price to those affected. Now nobody can buy unverified NFTs on ME.
— Magic Eden :magic_wand: (@MagicEden) January 4, 2023
Magic Eden, which launched last year, disabled the affected features and added an additional verification step to prevent similar types of attacks.
On January 3rd, visitors to the Solana based platform were greeted by unsavory images that popped up on the screen.
The pages for some NFT collections on Magic Eden featured pornographic images and still images from the popular American sitcom The Big Bang Theory instead of the NFT thumbnails.
Many thought this was a Magic Eden hack before the platform came forward and announced that their third-party image hosting platform had been compromised.
Hey guys, our image provider, a third-party service we use to cache images, has been compromised. Your NFTs are safe and Magic Eden has not been hacked. Unfortunately, you may have seen some um, unsavory images. Make sure to hard refresh your browser to fix the problem.
— Magic Eden :magic_wand: (@MagicEden) January 3, 2023
The NFT sector has remained a target for malicious scammers in 2022. A Report by Slowmist recently claimed that the notorious North Korean Lazarus Group, notorious for launching cyber attacks, launched around 500 phishing domains to fool NFT buyers.
In the last week of December anti-theft platform harpie had said that a new type of scam is targeting OpenSea visitors, offering “gasless sales” on the platform and eventually redirecting victims to phishing sites.
Join us for the latest from the Consumer Electronics Show on Gadgets 360 CES 2023 hub.
