Fake Solana NFTs Are Being Sold on Magic Eden in ‘Massive’ Exploit

Creators and collectors of Solana-based NFTs are up in arms today as a major exploit at leading marketplace Magic Eden appears to be allowing scammers to pass off and sell fake NFTs as being part of prominent, verified collections.

Discussion around the exploit flared up early this morning on Twitter, where users alleged that Magic Eden was listing fraudulent NFTs from popular collections like ABC and y00ts. Sellers were apparently able to pass off the NFTs as being part of those projects, and sell them for hundreds of dollars’ worth of SOL or more.

Magic Eden tweeted about the situation this morning, thanking community members for “alerting us there was an issue where people could buy fake ABC NFTs.” The marketplace said that it had “added more verification layers per collection to resolve the issue,” and encouraged affected traders to reach out to marketplace support.

However, pseudonymous ABC creator HGE and other notable Solana figures said that the problem still wasn’t fixed. HGE described the issue as a “massive exploit,” and called on Magic Eden to temporarily shut down the marketplace until the issue is completely resolved.

“I know volume is important, but limit the damage first,” HGE tweeted at Magic Eden. “Make sure the exploit is stopped, like really make sure of it.”

Shortly after 1pm ET, Magic Eden tweeted that the issue had been resolved on its end, but that users may still see the fraudulent listings until they “hard refresh” their browsers.

“Earlier today, we resolved the root issue but believe users who didn’t hard refresh their browsers still saw unverified NFTs on collection & activity pages,” Magic Eden tweeted. “This is likely a situation that has impacted fewer than 10 collections. We will do a public postmortem [with] more details.” The company did not explain how the exploit happened and did not immediately respond to Decrypt’s request for comment.

On Tuesday, Magic Eden similarly asked users to “hard refresh” their browsers after some saw pornographic images and stills from the TV show “The Big Bang Theory” in place of NFTs. Magic Eden blamed a hacked third-party image caching partner for the problem, and said that it was fixed.

HGE told Decrypt that he believes that this is an exploit that has been active for some time, potentially for months, but that it hadn’t been used at a high level until now. Twitter user Christopher Montistonki alleged that the exploit script is being sold on black market websites to potential scammers, and that such actions have elevated the visibility of the exploit.

HGE explained that he believes the issue has to do with Magic Eden’s index, which is inadvertently including data from fraudulent NFTs on the real projects’ pages.

“They told me they fixed it when they said they fixed it,” HGE told Decrypt. “But clearly they fucked up on the fix.”

Metaplex, the creator of the Solana token standard that defines the functionality of NFTs, tweeted that the issue is unrelated to the Metaplex protocol or NFT standard.

“This issue appears to be unrelated and caused by improper checks at the marketplace layer,” Metaplex tweeted, suggesting that it’s unrelated to a previous Metaplex bug that it said was resolved back in December.
