Magic Eden refunds users after 25 fake NFTs sold due to exploitation
Nonfungible token (NFT) marketplace Magic Eden has promised to refund all users who were tricked into buying fake NFTs on the site as a result of an exploit.
In a statement on January 4, the company said that a bug in the recently deployed “activity indexer” for the Snappy Marketplace and Pro Trade tools essentially allowed fake NFTs to skirt verification and be listed alongside real NFT collections.
Magic Eden said the exploit led to 25 fake NFTs being sold across four pools in the past 24 hours, but is currently confirming whether additional NFTs were affected beyond the last day.
Two of the affected projects were the expensive and popular Solana-based collections ABC and y00ts.
Don’t buy these @y00tsNFT on @MagicEdenthey are fake!
Basically every collection is fake on Magiced, a massive exploit going on.
High value NFTs suffer the most, as attackers choose to exploit higher value NFTs first. pic.twitter.com/35RYHOKVxd
— HGE.SOL ♂️ (@HGESOL) 4 January 2023
The NFT platform said it has fixed the problem by temporarily disabling both tools and eliminating the “entry points” that allowed unverified NFTs to get through.
It also asked users to perform a “hard refresh” to ensure that the unverified listings no longer appear in their browsing session and shut down the purchase of unverified NFTs as a precaution.
“Magic Eden is safe for trading and we will refund all users who mistakenly purchased unverified NFTs specifically due to this issue,” it wrote.
Earlier today, unconfirmed NFTs were shown as part of confirmed collections on ME. During the last day, the impact was limited to 25 unconfirmed NFTs sold in 4 collections.
We have resolved the issue and will refund those affected. Now no one can buy unverified NFTs on ME.
— Magic Eden (@MagicEden) 4 January 2023
Magic Eden first raised the alarm over the fraudulent NFTs in a Twitter post on January 4, citing community reports that people were able to purchase fake ABC NFTs. At the time, it said it was adding “verification layers” in an attempt to fix the problem.
Following the announcement, Twitter users continued to sound the alarm about fake y00ts NFTs permeating the platform. A screenshot from ABC creator “HGE” showed at least two sales worth 100 Solana (SOL) each, a total of around $2,600.
DeGods, the creator of y00ts, too tweeted to his followers that there was an exploit on Magic Eden that allowed unverified NFTs to be listed as part of the collection.
There is currently an exploit on Magic Eden that allows unverified NFTs to be listed as part of the collection
You can confirm if an NFT is part of the collection on our explorer page linked below
If it’s not in our explorer, it’s not our NFThttps://t.co/c4HKIJJD1n
— DeGods III (@DeGodsNFT) 4 January 2023
The latest exploit is now the second incident that Magic Eden users have had to endure this week.
On January 3, the marketplace was full of pornographic images and images from the TV series The Big Bang theory.
Related:NFT Influencers Fall Victim to Cyber Attack, Lose $300K+ CryptoPunks
Magic Eden said a third-party image hosting provider was “compromised” leading to the “unsavory images” and assured users their NFTs were safe.
Cointelegraph reached out to Magic Eden for comment, but did not immediately receive a response.