Gems are the VeVe in-app currency that users can use to trade for collectibles in the Market or during drops, and hackers use the VeVe app exploit to get what they want.
Blog in Nutshell
- According to early reports, the attackers used a loophole in the purchase system to create millions of gems without having to pay for them.
- Twitter users have claimed that the vulnerability has caused the price of their digital collectibles to plummet in the last week.
- One user said that a friend bought gems with an expired credit card and also that the transaction was successful.
On Tuesday, Veve, a non-fungible token (NFT) marketplace with licensed digital goods, was hacked, resulting in the theft of millions of gems (in-app tokens). Veve has been chosen as the official launch partner by mainstream brands such as Marvel, Pixar, and Coca-Cola, indicating the platform’s appeal.
Veve acknowledged the breach on its platform in an official tweet released on Wednesday, saying that the attackers were able to obtain a “significant amount” of gems illegally. Until the inquiry is completed, the app-based NFT platform has taken down the marketplace as well as the gems buying option.
How did the Veve app exploit happen?
Gems are the VeVe in-app currency that users can use to trade for collectibles in the Market or during drops. According to early reports, the attackers used a loophole in the purchase system to create millions of gems without having to pay for them. One user said that a friend bought gems with an expired credit card and also that the transaction was successful.
Several user accounts have also been suspended after it was discovered that they were attempting to purchase cheap gems from fraudulent accounts. While the NFT platform did not reveal the actual number of gems abused, a Twitter user said the sum might be in the millions, making it the site’s greatest robbery. At the time of publication, Veve had not responded to Cointelegraph’s requests for comment.
The Twitter user also revealed a chronology of the exploit’s actions, which included Veve registering the most significant 3-day buying of in-app token gems, followed by a 50% drop in the token price off an app, from 0.5 to 0.25, and the marketplace going into maintenance.
The gem vulnerabilities on the Veve app exploit also led to a large drop in the price of the platform’s listed NFTs, with one user realizing why their NFT value had plummeted by 80% in the week following Veve’s official Twitter announcement.
Are there any exploits mounts in the NFT space?
Today’s incident is the third exploit in the non-fungible token arena this month. The largest NFT marketplace on the Arbitrum blockchain, Treasure, was compromised in a sequence of transactions on March 3rd. The hackers were able to buy NFTs for free on the Market as a result of this. On the other hand, the majority of the stolen NFTs were quickly returned after the incident.
More recently, a hacker apparently stole 179 NFTs from a newly-launched NFT project, Rare Bears, and accumulated approximately $800,000 from the stolen NFTs. According to Cryptopolitan, the hacker gained access to Rare Bears’ Discord admin account, where he posted a phishing link with members and stole their NFTs.