Twitter users have claimed that the vulnerability has caused the price of their digital collectibles to plummet in the last week.
Veve, a nonfungible token (NFT) marketplace with licenced digital items, was hit by an attack on Tuesday, resulting in the illicit acquisition of millions of gems (in-app tokens). Mainstream brands such as Marvel, Pixar, and Coca-Cola have picked Veve as their official launch partner, demonstrating the platform’s popularity.
Veve acknowledged the breach on its platform in an official tweet released on Wednesday, saying that the attackers were able to obtain a “significant amount” of gems illegally. Until the inquiry is completed, the app-based NFT platform has taken down the marketplace as well as the gems buying option.
As a result of this exploit, we have closed the Market, Gem purchases and transfers while we investigate. We will update you on the expected timing of Market opening as soon as we can.
— VeVe | Digital Collectibles (@veve_official) March 23, 2022
Gems are the VeVe in-app currency that users may swap for collectibles in the Market or during drops. According to early reports, the attackers were able to create millions of gems without having to pay for them by exploiting a flaw in the purchase system. One user said that a friend bought gems with an expired credit card and that the transaction went through.
From what I heard someone was informed by their friend they accidentally purchased gems with an expired credit card and the transaction went through anyway. So it sounds more like an expired credit card exploit than stolen credit cards. No confirmation by Veve yet though.
— 🇺🇦 ⭕ Garlic Shrimp ⭕ 🇺🇦🧄 🦐 (@GARLICxSHRIMP) March 22, 2022
Several user accounts have also been suspended when it was discovered that they were attempting to purchase cheap gems from bogus accounts. While the NFT platform did not reveal the actual number of gems abused, a Twitter user said the sum may be in the millions, making it the site’s greatest robbery.
The Twitter user also revealed a chronology of the exploit’s actions, which included Veve registering the greatest 3-day buying of in-app token gems, followed by a 50% drop in the price of the token off app, from 0.5 to 0.25, and the marketplace going into maintenance.
Soooo….
apparently about 7M gems were fraudly purchased
Multiple accounts that interacted with them are now disabled
Veve will need to recover those gems and this will be their biggest exploit to date 😬
Users that purchased cheap gems off app will likely lose funds 🤦 https://t.co/7YG3BBXjMe
— niftyswaps.eth ⭕ (@niftyswaps) March 23, 2022
The gem vulnerabilities on Veve also led in a large drop in the price of the platform’s listed NFTs, with one user realising why his NFT value had dropped by 80% just a week after Veve’s official Twitter tweet.
@veve_official just saw your latest tweet, now I understand why my secret rare goofy dropped 80% in value from the ATH at Market in a matter of weeks and I panic sold it finally. Very unhappy! 1st BOTS and now Gem exploit???
— joker_del_mar (@jai_sond) March 23, 2022
Disclaimer: These are the writer’s opinions and should not be considered investment advice. Readers should do their own research.