Marvel NFT partner Veve closes its marketplace after an in-app token exploit

Published at: March 23, 2022

Veve, a nonfungible token (NFT) marketplace with licensed digital collectibles, faced an exploit on Tuesday, resulting in millions of gems (in-app tokens) being acquired illegally. The platform is quite popular among mainstream brands such as Marvel, Pixar, and Coca-Cola, that have chosen Veve as their official launch partner.

In an official tweet published on Wednesday, Veve acknowledged the exploit on its platform and said that the attackers managed to acquire a “large amount” of gems illegitimately. The app-based NFT platform has shut the marketplace along with the gems purchase option until the investigation is complete.

As a result of this exploit, we have closed the Market, Gem purchases and transfers while we investigate. We will update you on the expected timing of Market opening as soon as we can.

— VeVe | Digital Collectibles (@veve_official) March 23, 2022

Gems are the VeVe in-app token that users use to exchange for collectibles during drops or in the Market. Early reports suggest that the exploiters behind the attack managed to mint millions of gems without having to pay for it by exploiting a bug in buying mechanism. One user wrote that their friend accidentally purchased gems using an expired credit card and the transaction went through.

From what I heard someone was informed by their friend they accidentally purchased gems with an expired credit card and the transaction went through anyway. So it sounds more like an expired credit card exploit than stolen credit cards. No confirmation by Veve yet though.

— ⭕ Garlic Shrimp ⭕ (@GARLICxSHRIMP) March 22, 2022

The platform has also restricted several user accounts that reportedly tried buying the cheap gems from fraudulent accounts. While the NFT platfrom didn’t disclose the exact amount of gems that were exploited, a Twitter user has claimed the figure could be in millions and might be the biggest heist on the platform. Veve didn’t respond to Cointelegraph’s requests for comments at the time of publishing.

Related: Nifty News: Wolf snaps up Punk, Disney NFTs, Economist mag cover fetches $422K...

The Twitter user also shared a timeline of events of the exploit where Veve first registered the largest 3-day buying of the in-app token gems, followed by a crash in the price of the token off app by half, falling from 0.5 to 0.25 and then the marketplace goes into maintenance.

Soooo.... apparently about 7M gems were fraudly purchasedMultiple accounts that interacted with them are now disabled Veve will need to recover those gems and this will be their biggest exploit to date Users that purchased cheap gems off app will likely lose funds https://t.co/7YG3BBXjMe

— niftyswaps.eth ⭕ (@niftyswaps) March 23, 2022

The gem exploits on Veve also resulted in a massive decline in the price of the listed NFTs on the platform, where one user realized why their NFT value plunged by 80% within a week after Veve’s official Twitter post.

@veve_official just saw your latest tweet, now I understand why my secret rare goofy dropped 80% in value from the ATH at Market in a matter of weeks and I panic sold it finally. Very unhappy! 1st BOTS and now Gem exploit???

— joker_del_mar (@jai_sond) March 23, 2022
Tags
Nft
Hacks
Marketplace
Related Posts
OpenSea planned upgrade stalls as phishing attack targets NFT migration
Just yesterday, OpenSea announced a smart contract upgrade, which requires users to migrate their listed NFTs from Ethereum (ETH) blockchain to a new smart contract. As a direct result of the upgrade, users that don't migrate over from Ethereum risk losing their old, inactive listings — which currently require no gas fees for migration. Major nonfungible token (NFT) marketplace OpenSea has reportedly fallen victim to an ongoing phishing attack within hours after announcing a week-long planned upgrade to delist inactive NFTs on the platform. However, the urgency and short deadline opened up a small window of opportunity for hackers. Within …
Adoption / Feb. 20, 2022
Fidelity plans NFT marketplace: Nifty Newsletter, Dec. 21–27
In this week’s newsletter, read about investment giant Fidelity planning to enter the nonfungible token (NFT) space and how Italy’s NFT market will grow. Check out how North Korean hackers use phishing websites to target NFT holders and listen to a conversation with Crypto Raiders in the NFT Steez podcast. And, don’t forget this week’s Nifty News featuring Japanese gaming firm Square Enix investing millions in an NFT game developer. Fidelity plans NFT marketplace and financial services in the metaverse On Dec. 21, investment firm Fidelity filed three trademark applications to the United States Patent Trademark Office. The trademark filings …
Nft / Dec. 28, 2022
Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move
Kevin Rose, the co-founder of the nonfungible token (NFT) collection Moonbirds, has fallen victim to a phishing scam leading to more than $1.1 million worth of his personal NFTs stolen. The NFT creator and PROOF co-founder shared the news with his 1.6 million Twitter followers on Jan. 25 asking them to avoid buying any Squiggles NFTs until they manage to get them flagged as stolen. I was just hacked, stay tuned for details - please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph) ... — KΞVIN R◎SE (,) (@kevinrose) …
Blockchain / Jan. 26, 2023
The importance of decentralized oracles: Interview with Sergey Nazarov
Chainlink co-founder Sergey Nazarov believes that increasing the decentralization and scalability of oracle technologies are key to ensure trust in the DeFi ecosystem. Oracles play a key role in the correct functioning of DeFI protocols by connecting them to real-world data. However, the trustworthiness of oracles becomes compromised in instances where they rely on a single data source to retrieve information. For instance, according to Nazarov, excessively centralized oracles enabled five recent flash loan attacks, which resulted in DeFi protocols losing around $40 million. Flash loans, a form of loan that does not require any collateral, can be used to …
Decentralization / Dec. 19, 2020
OpenSea implements 0% fees to win over NFT userbase lost to Blur
Major nonfungible token (NFT) marketplace OpenSea announced a massive structuring around lower platform fees and greater creator earnings as competing marketplaces continue to drain away its once dominant user base. On Feb. 18, NFT marketplace Blur surpassed OpenSea in daily Ethereum (ETH) trading volume as users — anticipating greater returns on their NFT investments — are looking for a trading arena that works in their favor, shows Nansen data. As a reactionary measure, OpenSea announced three major changes to win back its migrating customers. The measures include a 0% fee for a limited time, introducing optional creator earnings and leniency …
Nft / Feb. 18, 2023