Nonfungible token (NFT) marketplace Magic Eden has pledged to refund all users who were duped into purchasing fake NFTs on its website as a result of an exploit.
In a Jan. 4 statement, the company said a bug in its newly deployed “activity indexer” for its Snappy Marketplace and Pro Trade tools essentially allowed fake NFTs to skirt verification and get listed alongside genuine NFT collections.
In an update on Jan. 5, Magic Eden said the exploit led to 13 fraudulent NFTs sold across five collections that were transacted 27 times amounting to around 1,100 Solana (SOL), worth nearly $15,000.
Two of the affected projects were the high-priced and popular Solana-based collections ABC and y00ts.
Do not buy these @y00tsNFT on @MagicEden, they are fake!
Basically, every single collection is fake on Magiceden, a massive exploit is happening ongoing.
High-value NFTs are suffering the most, as attackers choose to exploit higher-value NFTs first. pic.twitter.com/35RYHOKVxd
— HGE.SOL ♂️ (@HGESOL) January 4, 2023
The NFT platform said it has rectified the issue by temporarily disabling both tools and eliminating the “entry points” that allowed unverified NFTs to get through.
It also asked users to perform a “hard refresh” to ensure the unverified listings no longer show up on their browser session and shut down the purchase of unverified NFTs as a precaution.
“Magic Eden is safe for trading and we will refund all the users who mistakenly bought unverified NFTs specifically due to this issue,” it wrote.
Earlier today, unverified NFTs were being shown as part of verified collections on ME. In the last day, impact was contained to 25 unverified NFTs sold in 4 collections.
We’ve resolved the issue and will refund those affected. Now, no one can buy unverified NFTs on ME.
— Magic Eden (@MagicEden) January 4, 2023
Magic Eden first raised the alarm over the fraudulent NFTs in a Twitter post on Jan. 4, citing community reports that people were able to buy fake ABC NFTs. At the time, it said it added “verification layers” in an attempt to resolve the issue.
After the announcement, Twitter users continued to sound the alarm on fake y00ts NFTs pervading the platform. A screenshot from ABC creator “HGE” showed at least two sales worth 100 SOL each, a total amount of around $2,600.
DeGods, the creator of y00ts, also tweeted to its followers that there was an exploit on Magic Eden that allowed unverified NFTs to be listed as part of the collection.
There is currently an exploit on Magic Eden allowing for unverified NFT’s to be listed as part of the collection
You can verify if an NFT is part of the collection on our explore page linked below
If it’s not in our explorer, it’s not our NFThttps://t.co/c4HKIJJD1n
— DeGods III (@DeGodsNFT) January 4, 2023
The latest exploit is now the second incident that users of Magic Eden has had to go through this week.
On Jan. 3, the marketplace was littered with pornographic images and images from the television series The Big Bang Theory.
Related: NFT influencer falls victim to cyberattack, loses $300K+ CryptoPunks
Magic Eden said a third-party image hosting provider was “compromised” leading to the “unsavory images” and assured users their NFTs were safe.
Update (Jan. 5, 10:00 PM UTC): The article was updated to reflect the most recent figures from Magic Eden released on Jan. 5 stating 13 fake NFTs were sold across five collections. Previously it reported 25 fake NFTs sold across four collections.
Source: https://cointelegraph.com/news/magic-eden-to-refund-users-after-25-fake-nfts-sold-due-to-exploit