NFT Marketplace Magic Eden Promises to Refund Users Who Were Sold Fake NFTs in ‘Massive Exploit’

Source: AdobeStock / momius

Non-Fungible Token (NFT) Marketplace. Magical Eden said it would refund all users affected by the exploit that involved the sale of fake NFTs — and pass them off as “members” of verified collections.

On the morning of Jan. 4 (PT time), the marketplace team saw “a handful” of reports saying users were being shown unverified NFTs as part of verified collections on Magic Eden, the announcement said.

The incident affected popular gatherings such as ABC and y00ts. ABC creator HGE described this as “a massive exploit” affecting high-value NFTs.

HGE asked to pause the site, saying: “I know volume is important, but limit the damage first. Make sure the exploit is stopped, like make sure.”

The team came out to say that,

“We have identified over the last 24 hours that the impact was limited to 25 unconfirmed NFTs sold over 4 collections.”

The unverified NFTs appeared on the collection pages, they explained, while transactions of unverified NFTs could be seen in the activity tabs of the collections.

That said, the announcement claimed that the issue has been resolved, that the team is currently checking whether any additional NFTs were affected, and that users will be compensated, saying:

“Magic Eden is safe for trading and we will refund all users who mistakenly purchased unverified NFTs specifically due to this issue.”

Magic Eden also communicated with users about the issue via their social media accounts.

But for some this was not enough. HGE argued that this is actually not a new incident, but was done earlier on a smaller scale, and that the site should not have been running while the exploitation was active.

What happened?

The announcement said this was a user interface (UI) issue that occurred due to a new feature released to the marketplace’s Snappy Marketplace and Pro Trade tools. While the former enabled users to view recently listed and sold items on Magic Eden directly on the screen in real time, the latter allowed them to view recently listed and sold items in real time with various statistics.

However, the announcement said,

“Unfortunately, a bug was deployed in an update to both of these features, where NFTs were not verified before being listed in these two tools, which automatically included the items in the collection at large. The technical explanation is that our activity indices for these two the tools did not check that the creator address is verified.”

They emphasized that Magic Eden’s smart contract is secure and this was “an isolated user interface issue.”

The team took a number of steps to address the issue, adding an extra verification step to completely block similar types of attacks, they said.

Meanwhile, Metaplexwhich created the Solana (SOL) token standard that defines the functionality of NFTs, so that the problem was unrelated to their protocol and offered assistance to Magic Eden.

____

Learn more:
– End-user fraud and phishing attacks in Web3: Are they underreported?
– CEO of Binance warns users about new hacks targeting the cryptocurrency industry

– Former President Donald Trump’s NFT collection faces backlash after users spot Photoshop glitch
– Coinbase Disables NFT Trading on Wallet Due to Apple’s App Store Guidelines – Here’s What Happened

– $62 million in crypto stolen in December
– Fraudsters pretend to be the US State Department

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *