Popular NFT platform Premint suffered a hack on July 17, leading to total losses of around $400,000 for users who clicked on a malicious link.
According to available information, the hacker compromised Premint’s website by adding a malicious JS file to the site. Unsuspecting users who clicked on the link gave the hacker access to steal the NFTs in their wallets.
Over 300 NFTs lost
Blockchain security company Certik потврђен that the hackers stole 314 NFTs, which included NFTs from notable projects like Bored Ape, Goblintown, and Otherside.
Активно радимо на томе да добијемо потпуну листу новчаника којима је одузета имовина.
Ово су новчаници које је Етхерсцан означио за крађу имовине.
-https://t.co/l3yEk2tUDs
- https://t.co/wdo7sJMia1
- https://t.co/8bBEgpKupN
- https://t.co/iY4tna437S— ПРЕМИНТ | НФТ алатка за листу приступа (@ПРЕМИНТ_НФТ) Јула КСНУМКС, КСНУМКС
Premint confirmed the hack and said that only a “relatively small number of users” were victimized and added that Etherscan had идентификовано four wallets connected to the attack.
The total Ethereum (ETH) value of stolen assets is estimated to be 275 ETH, worth over $400,000.
?Please do not sign any transactions that say set approvals for all! ?
— ПРЕМИНТ | НФТ алатка за листу приступа (@ПРЕМИНТ_НФТ) Јула КСНУМКС, КСНУМКС
The attack occurred hours after Premint упозорио users not to “sign any transactions that say set approvals for all!”
Today we made a lot of great security updates to PREMINT as a continuing effort to keep collectors safe. It touched everything from the dashboard to project pages to emails. Here’s a rundown:
?
— БрендΞн Муллиган | ПРЕМИНТ (@муллиган) Јула КСНУМКС, КСНУМКС
Premint restores service
Premint has been able to restore normalcy to its website and has added an update that removes the wallet login feature.
Starting today, you don’t need your wallet when logging back in to PREMINT.
Now, once you’ve connected your Twitter or Discord accounts to your wallet (https://t.co/rdjDd5qUcM), use them to log in to your account.
It’s safer and way more convenient. Especially on mobile! pic.twitter.com/BSSyzx7zkj
— ПРЕМИНТ | НФТ алатка за листу приступа (@ПРЕМИНТ_НФТ) Јула КСНУМКС, КСНУМКС
Users can now log in to the platform via their Discord or Twitter social media accounts, which the platform потраживања is “safer and more convenient, especially for those logging in on mobile.”
PREMINT is safe to log into. You will see a gas-free signing confirmation screen when you connect your wallet.
We never, ever ask for any transaction access and you will never, ever see gas associated with connecting to PREMINT.
— ПРЕМИНТ | НФТ алатка за листу приступа (@ПРЕМИНТ_НФТ) Јула КСНУМКС, КСНУМКС
It also directed affected users to add their wallet address to a document.
If you were affected by the incident on PREMINT today, please add your wallet here: https://t.co/gvNiOyD24M
— ПРЕМИНТ | НФТ алатка за листу приступа (@ПРЕМИНТ_НФТ) Јула КСНУМКС, КСНУМКС
However, there is no information on how or when they would be refunded.
НФТ хакови
The latest attack on Premint is the latest in a long line of hacks in the NFT space within a relatively short time.
??
Бити безбедни.
DeeKay’s twitter is hacked. pic.twitter.com/qpZtlHF8UR— sean (@SeanOhio_) Јула КСНУМКС, КСНУМКС
On July 15, famous NFT artist DeeKay lost $150,000 worth of NFTs to malicious players.
A Footprint Analytics report рекао around 5% of the total hacks in web3 during the second quarter of 2022 happened in NFTs.
Source: https://cryptoslate.com/nft-platform-premint-users-lose-over-400k-nfts-to-hack/