The NFT marketplace, which is quite popular for offering licensed digital collectibles from mainstream brands like Marvel, Coca-Cola (NYSE:KO), and Pixar, confirmed the exploit in a Wednesday tweet. The company said that the attackers were able to acquire a “large amount” of gems. As a result, the company has shut down its in-app marketplace along with the purchase of gems until an investigation is complete.
Gems are Veve’s in-app tokens, with one gem being equivalent to one dollar. To purchase collectibles, users will need to purchase gems first.
Earlier reports claim that the attackers were able to mint millions of gems for free by exploiting a bug in the buying mechanism. One user said that his friend was able to purchase gems with an expired credit card.
From what I heard someone was informed by their friend they accidentally purchased gems with an expired credit card and the transaction went through anyway. So it sounds more like an expired credit card exploit than stolen credit cards. No confirmation by Veve yet though.
— 🇺🇦⭕Garlic Shrimp⭕🇺🇦🧄 🦐 (@GARLICxSHRIMP) March 22, 2022
Following the incident, the accounts of several users who tried to buy the cheap gems from fraudulent accounts have been restricted. Meanwhile, Veve is yet to disclose the number of gems that were minted in the exploit. A Twitter (NYSE:TWTR) user, however, claimed that the figure could be in the millions and might be the biggest exploit so far on the platform.
The Twitter user goes on to share a timeline of events following the exploit – from when the platform first noticed the largest 3-day buying of gems to a crash in the price of the token by half.
Source: Cryptocurrency - investing.com
