On Tuesday, Veve, a nonfungible token (NFT) marketplace with licenced digital collectibles, was hit by an exploit, resulting in the illicit purchase of millions of gems (in-app tokens). Mainstream brands that have chosen Veve as their official launch partner include Marvel, Pixar, and Coca-Cola.
In fact, the NFT marketplace acknowledged the hack on its platform in an official tweet released on Wednesday, saying that the attackers were able to illegally obtain a “significant amount” of gems. Until the inquiry is completed, the app-based NFT platform has taken down the marketplace as well as the possibility to buy gems.
Gems are the VeVe in-app currency that users may use to trade for collectibles in the Market or during drops. Furthermore, according to early reports, the attackers used a weakness in the purchase system to create millions of gems without having to pay for them. Additionally, one user said that a friend bought gems with an expired credit card and that the transaction was successful.
The figure of gems exploited may be in the millions
Several user accounts have also been suspended when it was discovered that they were attempting to purchase cheap gems from fake accounts. In like manner, the NFT platform did not reveal the actual quantity of gems exploited. However, one Twitter user speculated that the figure may be in the millions. And that it could be the platform’s biggest robbery.
The Twitter user also revealed a chronology of the exploit’s actions. Which included Veve registering the greatest 3-day buying of in-app token gems. Followed by a 50% drop in the price of the token off the app, from 0.5 to 0.25, and the marketplace going into maintenance.
The gem vulnerabilities on Veve also led to a large drop in the price of the platform’s listed NFTs. With one user realising why their NFT value had plummeted by 80% in the week following Veve’s official Twitter announcement.