Creators and collectors of Solana-based NFTs are up in arms today as a major exploit at leading marketplace Magic Eden appears to be allowing scammers to pass off and sell fake NFTs as being part of prominent, verified collections.
Discussion around the exploit flared up early this morning on Twitter, where users alleged that Magic Eden was listing fraudulent NFTs from popular collections like ABC and y00ts. Sellers were apparently able to pass off the NFTs as being part of those projects, and sell them for hundreds of dollars’ worth of SOL or more.
Magic Eden tweeted about the situation this morning, thanking community members for “alerting us there was an issue where people could buy fake ABC NFTs.” The marketplace said that it had “added more verification layers per collection to resolve the issue,” and encouraged affected traders to reach out to marketplace support.
Do not buy these @y00tsNFT on @MagicEden, they are fake!
Basically, every single collection is fake on Magiceden, a massive exploit is happening ongoing.
High-value NFTs are suffering the most, as attackers choose to exploit higher-value NFTs first. pic.twitter.com/35RYHOKVxd
— HGE.SOL 🔤🧙♂️ (@HGESOL) January 4, 2023
However, pseudonymous ABC creator HGE and other notable Solana figures said that the problem still wasn’t fixed. HGE described the issue as a “massive exploit,” and called on Magic Eden to temporarily shut down the marketplace until the issue is completely resolved.
“I know volume is important, but limit the damage first,” HGE tweeted at Magic Eden. “Make sure the exploit is stopped, like really make sure of it.”
Shortly after 1pm ET, Magic Eden tweeted that the issue had been resolved on its end, but that users may still see the fraudulent listings until they “hard refresh” their browsers.
Update: Please hard refresh your browsers to make sure you are only seeing verified collection items. We’re monitoring the situation & will use this thread for updates.
We have fixed 2 issues:
1) fake NFTs being listed on collection pages
2) tx of fake NFTs on activity tabs
— Magic Eden 🪄 (@MagicEden) January 4, 2023
“Earlier today, we resolved the root issue but believe users who didn’t hard refresh their browsers still saw unverified NFTs on collection & activity pages,” Magic Eden tweeted. “This is likely a situation that has impacted fewer than 10 collections. We will do a public postmortem [with] more details.” The company did not explain how the exploit happened and did not immediately respond to Decrypt’s request for comment.
On Tuesday, Magic Eden similarly asked users to “hard refresh” their browsers after some saw pornographic images and stills from the TV show “The Big Bang Theory” in place of NFTs. Magic Eden blamed a hacked third-party image caching partner for the problem, and said that it was fixed.
HGE told Decrypt that he believes that this is an exploit that has been active for some time, potentially for months, but that it hadn’t been used at a high level until now. Twitter user Christopher Montistonki alleged that the exploit script is being sold on black market websites to potential scammers, and that such actions have elevated the visibility of the exploit.
HGE explained that he believes the issue has to do with Magic Eden’s index that is inadvertently including data from fraudulent NFTs on the real projects’ pages.
“They told me they fixed it when they said they fixed it,” HGE told Decrypt. “But clearly they fucked up on the fix.”
Metaplex, the creator of the Solana token standard that defines the functionality of NFTs, tweeted that the issue is unrelated to the Metaplex protocol or NFT standard.
“This issue appears to be unrelated and caused by improper checks at the marketplace layer,” Metaplex tweeted, suggesting that it’s unrelated to a previous Metaplex bug that it said was resolved back in December.
Stay on top of crypto news, get daily updates in your inbox.
Source: https://decrypt.co/118412/fake-solana-nfts-magic-eden-massive-exploit
