Veve, a non-fungible token (NFT) marketplace with licensed digital collectibles, experienced an exploit on Tuesday, leading to the illegal acquisition of millions of gems. The platform is quite popular with major brands like Marvel, Pixar and Coca-Cola who have chosen it as their official launch partner.
In an official tweet posted on Wednesday, Veve acknowledged the exploit on its platform, saying the attackers managed to acquire a “large number” of gems illegitimately. The app-based NFT platform has closed the market along with the option to purchase gems until the investigation is complete.
As a result of this exploit, we have closed the Market, Gem purchases and transfers while we investigate. We will update you on the expected timing of Market opening as soon as we can.
— VeVe | Digital Collectibles (@veve_official) March 23, 2022
Gems are the in-app VeVe token that users use to exchange them for collectibles during auctions or in the market. Initial reports suggest that those responsible for the attack managed to mint millions of gems without having to pay for them by taking advantage of a flaw in the purchasing mechanism. One user wrote that his friend accidentally bought gems using an expired credit card and the transaction went through.
From what I heard someone was informed by their friend they accidentally purchased gems with an expired credit card and the transaction went through anyway. So it sounds more like an expired credit card exploit than stolen credit cards. No confirmation by Veve yet though.
— â• Garlic Shrimp â• (@GARLICxSHRIMP) March 22, 2022
The platform has also restricted several accounts of users who allegedly tried to buy cheap gems to fraudulent accounts. Although the NFT platform did not reveal the exact amount of gems, a Twitter user has claimed that the figure could be in the millions and could be the biggest theft on the platform. Veve did not respond to requests for comment from Cointelegraph at the time of publication of this story.
Another Twitter user also shared a history of exploit events where Veve first recorded the largest 3-day purchase of the in-app token, followed by a halving in the out-of-app token price, falling from 0.5 to 0.25 and then the market goes into maintenance.
soooo….
apparently about 7M gems were fraudly purchased
Multiple accounts that interacted with them are now disabled
Veve will need to recover those gems and this will be their biggest exploit to date
Users that purchased cheap gems off app will likely lose funds https://t.co/7YG3BBXjMe
— niftyswaps.eth â• (@niftyswaps) March 23, 2022
The Veve gem exploit also caused a massive drop in the price of NFTs available on the platform, with one user realizing why his NFT value plummeted 80% in a week after Veve’s official post on Twitter.
@veve_official just saw your latest tweet, now I understand why my secret rare goofy dropped 80% in value from the ATH at Market in a matter of weeks and I panic sold it finally. Very unhappy! 1st BOTS and now Gem exploit???
– joker_del_mar (@jai_sond) March 23, 2022
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the full amount invested may be lost. The services or products offered are not aimed at or accessible to investors in Spain.