Veve, a nonfungible token (NFT) marketplace with licensed digital items, was hit by an attack on Tuesday, resulting in the illicit acquisition of millions of gems (in-app tokens). Mainstream brands such as Marvel, Pixar, and Coca-Cola have picked Veve as their official launch partner, demonstrating the platform’s popularity.
Veve acknowledged the breach on its platform in an official tweet released on Wednesday, saying that the attackers were able to obtain a “significant amount” of gems illegally. Until the inquiry is completed, the app-based NFT platform has taken down the marketplace as well as the gems buying option.
Gems are the VeVe in-app token that users use to exchange for collectibles during drops or in the Market. Early reports suggest that the exploiters behind the attack managed to mint millions of gems without having to pay for it by exploiting a bug in buying mechanism. One user wrote that their friend accidentally purchased gems using an expired credit card and the transaction went through.
The platform has also restricted several user accounts that reportedly tried buying the cheap gems from fraudulent accounts. While the NFT platfrom didn’t disclose the exact amount of gems that were exploited, a Twitter user has claimed the figure could be in millions and might be the biggest heist on the platform.
Veve didn’t respond for comments at the time of publishing
The Twitter user also revealed a chronology of the exploit’s actions, which included Veve registering the greatest 3-day buying of in-app token gems, followed by a 50% drop in the price of the token off app, from 0.5 to 0.25, and the marketplace going into maintenance.
The gem exploits on Veve also resulted in a massive decline in the price of the listed NFTs on the platform, where one user realized why their NFT value plunged by 80% within a week after Veve’s official Twitter post.
