Magic Eden, a marketplace for nonfungible tokens (NFT), has promised to reimburse all customers who were tricked into buying fake NFTs through its website.
According to the company, fake NFTs were able to bypass verification and be listed alongside real NFT collections in a Jan. 4 release.
Magic Eden stated that the exploit led to 25 fraudulent NFTs being sold across four collections over the past 24 hours. However, he is currently verifying whether additional NFTs have been affected beyond the last day.
Two of the most affected projects included the highly-priced, popular Solana collections ABC and the y00ts.
These @y00tsNFT are fake and should not be purchased on @MagicEden
Magiceden is essentially faking every collection. This is a huge exploit that is ongoing.
High-value NFTs are the worst affected, because attackers want to exploit NFTs with higher values first. pic.twitter.com/35RYHOKVxd
— HGE.SOL ♂️ (@HGESOL) January 4, 2023
The NFT platform said it has rectified the issue by temporarily disabling both tools and eliminating the “entry points” that allowed unverified NFTs to get through.
It also asked users to perform a “hard refresh” to ensure the unverified listings no longer show up on their browser session and shut down the purchase of unverified NFTs as a precaution.
“Magic Eden is safe for trading and we will refund all the users who mistakenly bought unverified NFTs specifically due to this issue,” it wrote.
Unverified NFTs were shown earlier today as part of verified ME collections. The impact of the last day was limited to 25 unverified NFTs that were sold in four collections.
We have solved the problem and will reimburse those who were affected. It is now impossible to buy unverified NFTs via ME.
— Magic Eden (@MagicEden) January 4, 2023
Magic Eden raised concern about the fake NFTs first in a tweet on Jan. 4. It cited community reports that people could buy fake ABC NFTs. At the time, it said it added “verification layers” in an attempt to resolve the issue.
Twitter users continued to raise alarm over fake y00ts NFTs invading the platform after the announcement. A screenshot from ABC creator “HGE” showed at least two sales worth 100 Solana (SOL) each, a total amount of around $2,600.
DeGods, creator of y00ts also tweeted its followers that there was an exploit in Magic Eden that allowed unverified NFTs for inclusion in the collection.
There is currently an exploit on Magic Eden allowing for unverified NFT’s to be listed as part of the collection
On the explore page, you can check if an NFT has been added to the collection.
If it’s not in our explorer, it’s not our NFThttps://t.co/c4HKIJJD1n
— DeGods III (@DeGodsNFT) January 4, 2023
Users of Magic Eden have had to deal with the latest exploit twice in this week.
Jan. 3 saw the release of pornographic images, as well images from The Big Bang Theory.
Magic Eden said a third-party image hosting provider was “compromised” leading to the “unsavory images” and assured users their NFTs were safe.
Cointelegraph reached Magic Eden to request comment, but didn’t receive a reply immediately.