Veve, a non-fungible token (NFT) marketplace with licensed digital collectibles, encountered an exploit on Tuesday that resulted in the illegal acquisition of millions of gems (in-app tokens). The platform is quite popular with major brands such as Marvel, Pixar and Coca-Cola, who have chosen Veve as their official launch partner.
In an official tweet posted on Wednesday, Veve acknowledged the exploit on its platform and said the attackers managed to illegally obtain a “large amount” of gems. The app-based NFT platform has closed the market along with the option to buy gems pending investigation.
As a result of this vulnerability, we have closed the market, purchases, and transfers of gems while we investigate. We will update you on the expected market opening timeline as soon as we can. — VeVe | Digital Collectibles (@veve_official) March 23, 2022
Gems are an in-app VeVe token that users use to exchange for collectibles during a drop or in the market. Early reports suggest that the exploiters behind the attack managed to mint millions of gems without having to pay for it, using a bug in the purchase mechanism. One user wrote that a friend of his accidentally bought gems with an expired credit card and the transaction went through.
From what I heard, a friend informed someone that they accidentally bought gems with an expired credit card and the transaction went through anyway. So it looks more like an expired credit card exploit than a stolen credit card. However, no confirmation from Vev yet. — ⭕ Garlic Shrimp ⭕ (@GARLICxSHRIMP) March 22, 2022
The platform has also restricted several user accounts that reportedly tried to buy cheap gems from fraudulent accounts. Although the NFT platform did not disclose the exact number of gems that were used, a Twitter user stated that the figure could be in the millions and could be the biggest heist on the platform. Vevey did not respond to Cointelegraph’s requests for comment at the time of posting.
Related: Nifty News: Wolf buys up Punk, Disney NFT, Economist cover brings in $422k…
The Twitter user also shared a timeline of the exploit, when Veve first recorded the largest 3-day in-app token gem purchase, after which the in-app token price halved, dropping from 0.5 to 0.25. and then the market moves to maintenance.
Taaaaaaaaaaaaa…. apparently, about 7 million gems were purchased fraudulently. Several accounts that interacted with them are now disabled. Veve will need to recover these gems and this will be their biggest feat to date. Users who bought cheap gems on the app are likely to lose funds https://t.co/7YG3BBXjMe— niftyswaps.eth ⭕ (@niftyswaps) March 23, 2022
Gems exploitation on Veve also resulted in a significant drop in the price of listed NFTs on the platform, where one user realized why their NFT value dropped by 80% within a week of Veve’s official Twitter post.
@veve_official just saw your last tweet, now I understand why my secret rare dumbass dropped 80% in price from ATH on the Market in a matter of weeks and I finally sold it in a panic. Very unhappy! 1st BOT and now gem exploitation???—joker_del_mar (@jai_sond) March 23, 2022