Magic Eden Hit With 'Massive Exploit', Customers Accidentally Purchase 25 Fake NFTs on Platform

The Magic Eden NFT marketplace has vouched to compensate the victims of this scam.

Written by Radhika Parashar, Edited by David Delima | Updated: 5 January 2023 14:16 IST

Magic Eden Hit With 'Massive Exploit', Customers Accidentally Purchase 25 Fake NFTs on Platform

Photo Credit: Magic Eden

These unverified NFTs showed up on the collection pages of y00ts, ABC

Highlights

Magic Eden visitors are alerting each other
Magic Eden has disabled features that were breached
Magic Eden, based on Solana, was launched last year

Magic Eden has become the latest victim of an exploit, leading to the listing and sale of fake NFTs via the platform. A total of 25 fraudulent non-fungible tokens (NFTs) were purchased by unsuspecting buyers. The NFT marketplace says it will compensate the victims of this scam, taking responsibility of this exploit where internal systems of the marketplace were violated. The issue was spotted by members of the NFT community on Wednesday, after which the service disabled the affected features and added an extra verification step to prevent similar types of attacks.

Popular NFT platform Magic Eden recently updated some of the features on its service. Scammers managed to breach the platform after the update and listed these fake NFTs alongside genuine ones on the platform.

These fake NFTs were added as part of four existing collections — which include y00ts and ABC.

Israel Opens Proposed Crypto Rulebook for Public Comments: Details

The exploit transpired over the course of 24 hours and was identified by the members of the NFT community on January 4.

Do not buy these @y00tsNFT on @MagicEden, they are fake!

Basically, every single collection is fake on Magiceden, a massive exploit is happening ongoing.

High-value NFTs are suffering the most, as attackers choose to exploit higher-value NFTs first. pic.twitter.com/35RYHOKVxd
— HGE.SOL :abc::male_mage: (@HGESOL) January 4, 2023

There is an easy way to check if the NFT is real or not. Just check the information link. Fake NFT's refer to a fake collection pic.twitter.com/dq6ifWEYdD
— S◎L Shiva :handshake: (@Aditozz) January 4, 2023

Soon after, Magic Eden admitted that its systems, were indeed violated. “These unverified NFTs showed up on the collection pages and transactions of unverified NFTs showed up in the activity tabs of the collections. The technical explanation is that our activity indexer for our Snappy Marketplace and Pro Trade tools did not check that the creator address is verified,” the marketplace for digital collectibles wrote in an explanatory post

Earlier today, unverified NFTs were being shown as part of verified collections on ME. In the last day, impact was contained to 25 unverified NFTs sold in 4 collections.

We've resolved the issue and will refund those affected. Now, no one can buy unverified NFTs on ME.
— Magic Eden :magic_wand: (@MagicEden) January 4, 2023

Magic Eden, which was launched last year, disabled the affected features and added an extra verification step to prevent similar types of attacks.

On January 3, visitors of the Solana-based platform were greeted by unsavoury images being displayed on screen.

Indian Government to Roll Out Awareness Campaign for Crypto Investors: Report

The pages for some NFT collections on Magic Eden flashed pornographic visuals and stills from the popular American sitcom The Big Bang Theory in the place of the NFT thumbnails.

Yo @MagicEden wtf is this pic.twitter.com/Xums9EZtm6
— Fede (@fedeonekenoby) January 3, 2023

Many thought this was a hack attack on Magic Eden before the platform came forward and disclosed that its third-party image hosting platform was compromised.

Hey guys our image provider, a 3rd party service we use to cache images, was compromised. Your NFTs are safe and Magic Eden has not been hacked. Unfortunately you might've seen some um, unsavory images. Make sure you do a hard refresh on your browser to fix it.
— Magic Eden :magic_wand: (@MagicEden) January 3, 2023

The NFT sector has remained a target for malicious scammers throughout 2022. A report by Slowmist had claimed recently that North Korea's notorious Lazarus Group, infamous for triggering cyber-attacks, have launched around 500 phishing domains to dupe NFT buyers.

In the last week of December, anti-theft platform Harpie had said that a new kind of scam is targeting OpenSea visitors, that offers ‘gasless sales' on the platform and eventually redirects the victims to phishing sites.

Will crypto tax hurt the industry in India? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Cryptocurrency, NFTs, Magic Eden

Radhika Parashar

Email Radhika

Radhika Parashar is a senior correspondent for Gadgets 360. She has been reporting on tech and telecom for the last three years now and will be focussing on writing about all things crypto. Besides this, she is a major sitcom nerd and often replies in Chandler Bing and Michael Scott references. For tips or queries you could reach out to her at RadhikaP@ndtv.com. More