Magic Eden Hit With ‘Massive Exploit’, Customers Accidentally Purchase 25 Fake NFTs on Platform

Magic Eden has become the latest victim of an exploit, leading to the listing and sale of fake NFTs via the platform. A total of 25 fraudulent non-fungible tokens (NFTs) were purchased by unsuspecting buyers. The NFT marketplace says it will compensate the victims of this scam, taking responsibility of this exploit where internal systems of the marketplace were violated. The issue was spotted by members of the NFT community on Wednesday, after which the service disabled the affected features and added an extra verification step to prevent similar types of attacks.

Popular NFT platform Magic Eden recently updated some of the features on its service. Scammers managed to breach the platform after the update and listed these fake NFTs alongside genuine ones on the platform.

These fake NFTs were added as part of four existing collections — which include y00ts and ABC.

The exploit transpired over the course of 24 hours and was identified by the members of the NFT community on January 4.

Soon after, Magic Eden admitted that its systems, were indeed violated. “These unverified NFTs showed up on the collection pages and transactions of unverified NFTs showed up in the activity tabs of the collections. The technical explanation is that our activity indexer for our Snappy Marketplace and Pro Trade tools did not check that the creator address is verified,” the marketplace for digital collectibles wrote in an explanatory post

Magic Eden, which was launched last year, disabled the affected features and added an extra verification step to prevent similar types of attacks.

On January 3, visitors of the Solana-based platform were greeted by unsavoury images being displayed on screen.

The pages for some NFT collections on Magic Eden flashed pornographic visuals and stills from the popular American sitcom The Big Bang Theory in the place of the NFT thumbnails.

Many thought this was a hack attack on Magic Eden before the platform came forward and disclosed that its third-party image hosting platform was compromised.

The NFT sector has remained a target for malicious scammers throughout 2022. A report by Slowmist had claimed recently that North Korea's notorious Lazarus Group, infamous for triggering cyber-attacks, have launched around 500 phishing domains to dupe NFT buyers.

In the last week of December, anti-theft platform Harpie had said that a new kind of scam is targeting OpenSea visitors, that offers ‘gasless sales' on the platform and eventually redirects the victims to phishing sites.