Veve, a nonfungible token (NFT) marketplace to brands such as Marvel, Pixar, and Coca-Cola was hit by an attack on Tuesday, resulting in the illicit acquisition of millions of gems (in-app tokens).
Veve acknowledged the breach on its platform in an official tweet released on Wednesday, saying that the attackers were able to obtain a “significant amount” of gems illegally. Until the inquiry is completed, the app-based NFT platform has taken down the marketplace as well as the gems buying option.
Gems are the VeVe in-app currency that users may swap for collectibles in the Market or during drops. According to early reports, the attackers were able to create millions of gems without having to pay for them by exploiting a flaw in the purchase system.
Twitter users complain about the exploit
One user said that a friend bought gems with an expired credit card and that the transaction went through.
Several user accounts have also been suspended when it was discovered that they were attempting to purchase cheap gems from bogus accounts.
While the NFT platform did not reveal the actual number of gems abused, a Twitter user said the sum may be in the millions, making it the site’s greatest robbery. At the time of publication.
The Twitter user also revealed a chronology of the exploit’s actions, which included Veve registering the greatest 3-day buying of in-app token gems, followed by a 50% drop in the price of the token from 0.5 to 0.25, and the marketplace going into maintenance.
The gem vulnerabilities on Veve also led to a large drop in the price of the platform’s listed NFTs, with one user realizing why his NFT value had dropped by 80% just a week after Veve’s official Twitter tweet.