Non-fungible token (NFT) marketplace Magic Eden was recently exploited by scammers who listed fake NFTs, duping unsuspecting buyers. While pledging to refund the buyers, the platform claimed it had resolved the hitch that a UI issue had reportedly caused.
The scammers targeted popular NFT collections, mainly ABC and y00ts, listing fake NFTs and selling them for hundreds of dollars. NFT creators took to social media platforms to expose the fraudsters, with Magic Eden thanking its community for alerting it to the fraud.
Basically, every single collection is fake on Magiceden, a massive exploit is happening ongoing.
High-value NFTs are suffering the most, as attackers choose to exploit higher-value NFTs first. pic.twitter.com/35RYHOKVxd
— HGE.SOL 🔤🧙♂️ (@HGESOL) January 4, 2023
While Magic Eden initially claimed to have resolved the issue and delisted all the fake NFTs, creators disputed the claims on social media, revealing that the scammers were able to keep listing the fake NFTs.
“Update: Please hard refresh your browsers to make sure you are only seeing verified collection items. We’re monitoring the situation & will use this thread for updates. Earlier today, we resolved the root issue but believe users who didn’t hard refresh their browsers still saw unverified NFTs on collection & activity pages,” the NFT marketplace would later tweet.
The platform later revealed that the scammers had managed to sell 13 fake NFTs for 1,100 SOL, valued at $15,000 at the time. It pledged to fully refund the affected users.
In its post-mortem, the Solana-based marketplace blamed the glitch on new features it recently deployed.
“This was a UI issue due to a new feature deployment that we released to our Snappy Marketplace and Pro Trade tools. Unfortunately, there was a bug deployed in an update to both of these features, where NFTs were not verified before being listed into these two tools, which automatically included the items into the collection at large. The technical explanation is that our activity indexer for these two tools did not check that the creator address is verified,” it stated.
Alongside the fake NFTs, Magic Eden also had to deal with yet another glitch that led to users seeing pornographic images when they tried to view some NFTs. The marketplace blamed this glitch on a third-party image caching service.
Just as with the other issue, Magic Eden told its users that this was no problem a hard refresh of their browsers couldn’t solve.
Hey guys our image provider, a 3rd party service we use to cache images, was compromised. Your NFTs are safe and Magic Eden has not been hacked. Unfortunately you might’ve seen some um, unsavory images. Make sure you do a hard refresh on your browser to fix it.
— Magic Eden 🪄 (@MagicEden) January 3, 2023
The end of the road for Solana?
While the glitches are a minor setback, Magic Eden has been greatly impacted by the continued decline in usage of the Solana blockchain. With its biggest backer Sam Bankman-Fried now staring at a jail term for fraud at FTX, Solana’s best days seem to be behind it. Just recently, two of its biggest NFT projects abandoned the chain, migrating to Polygon and Ethereum.
— y00ts (@y00tsNFT) December 25, 2022
DeGods and y00ts announced that they would be migrating from Solana in late December, with the founder claiming that they had a glass ceiling on the blockchain network.
“It’s hard to accept, but it’s been tough to grow at the rate we want to grow. There’s an argument to be made that [DeGods] has capped out on Solana,” the founder, known as Frank III to his fans, stated.
The migrations capped what has been Solana’s worst year yet. Just days before, in early December, hackers exploited a fake security update to wipe out users of the Solana-powered Phantom wallet. The hackers airdropped NFTs to users, and upon receipt, the users were redirected to a fake update that gave hackers access to their wallets.
Solana’s woes have seen its token take a nosedive, dropping from $258 in late 2021 to now trade at $16.
Follow CoinGeek’s Crypto Crime Cartel series, which delves into the stream of groups—from BitMEX to Binance, Bitcoin.com, Blockstream, ShapeShift, Coinbase, Ripple, Ethereum,
FTX and Tether—who have co-opted the digital asset revolution and turned the industry into a minefield for naïve (and even experienced) players in the market.
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.