Counterfeit versions of popular NFTs and other fake images were displayed on the popular digital collectibles marketplace due to a bug in its latest UI update. Magic Eden has resolved the issue and promised to refund affected users.
On Monday, Solana-based non-fungible token (NFT) marketplace Magic Eden suffered an exploit where fake versions of popular collections y00ts and ABC, or Abracadabra, were being sold. Several users of the largest marketplace on the Solana blockchain noticed pornograhic images and stills from popular TV series “The Big Bang Theory” displayed in place of their items on the website.
In a tweet posted on Wednesday, Magic Eden’s team said that a third-party service the platform uses for caching images was exploited, which was the reason why users were seeing fake images when displaying NFTs. The marketplace claims that it was not hacked and all digital assets are safe. Magic Eden said the issue was resolved and asked users to hard refresh their web browsers. The bug came into view after users for a brief moment saw adult content instead of NFTs before the actual artwork was displayed.
Users also noted that unverified versions of several high-profile collections were being sold for premium prices, like a counterfeit ABC NFT was listed for 55 SOL or $726. HGE.SOL, a popular Solana-based NFT collector, said the exploit had affected all collections on the marketplace but hit the most valuable items the hardest. Attackers were able to merge sales history of the counterfeit with original versions on Magic Eden. HGE asked customers to not purchase any items until the issue was fixed.
Magic Eden confirmed that the issue was due to a bug that was contained in a new update deployed to its UI tools, Snappy Marketplace and Pro Trade. Snappy Marketplace is a feature that displays newly listed or sold items on the Magic Eden website in real-time, and Pro Trade provides users with information regarding newly listed and sold items to help them with decision making. The bug in the update led to Magic Eden’s activity index protocol for both the tools not checking whether the NFT creator’s address was verified. According to the company, the issue resulted in 25 counterfeit NFTs across four collections being sold to various users. Magic Eden explained that its smart contracts remain secure and the company will refund users that fell victim to the exploit.
The marketplace is investigating the extent of the problem to see whether there were other fraudulent trades that occurred on the platform prior to the 24-hour window. Metaplex, an agency that created the token standard for Solana and its NFTs, says the issue happened because Magic Eden did not conduct proper checks. Twitter user Christopher Moltistonki alleged that attackers are selling the exploit script on black market websites for others to utilise the vulnerability.
Magic Eden is the highest grossing NFT marketplace on the Solana ecosystem. The platform valued at $1.6 billion is responsible for 90% of all digital collectibles trades on Solana. Recently, the company expanded its services to other blockchain networks including Ethereum (ETH) and Polygon (MATIC).
Abracadabra (ABC) is the second most traded NFT collection on Magic Eden with a valuation of $26.8 million and a floor price of 201.56 SOL ($2,676). y00ts comes in third place with a total valuation of $24 million and a floor price of 149.69 SOL ($1,987). At the time of writing, SOL is trading at $13.27 – down 3.2% in the last 24-hours.