Hackers steal $400k worth of NFTs from Premint
Over the weekend, popular NFT platform Premint became the latest victim of a security breach, leading to the loss of over 300 NFTs, including collectibles from Bored Ape Yacht Club, Otherside, and Goblintown.
According to available information, the attacker was able to swindle unsuspecting users after adding a malicious JS file on Premint’s website. The affected users reportedly received a pop-up message prompting them to confirm the ownership of their wallets. The message also urged users to enable a “SetApprovalForAll” feature in their wallets, and those who clicked the said link unknowingly gave the hacker access to steal the NFTs in their wallets.
Blockchain security company Certik reportedthat the hacker(s) stole 314 NFTs, valued at around $400,000. Meanwhile, Premint confirmed the incident, noting that only a “relatively small number of users” were affected. The team goes on to state that it had identified four wallets linked to the attack from Etherscan data.
We are actively working to get a full list of wallets that had assets taken from them.
— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 17, 2022
These are the wallets that Etherscan have flagged for stealing assets.
-https://t.co/l3yEk2tUDs
- https://t.co/wdo7sJMia1
- https://t.co/8bBEgpKupN
- https://t.co/iY4tna437S
Surprisingly, the attack happened hours after Premint warned its customers not to “sign any transactions that say set approvals for all!”
🛑Please do not sign any transactions that say set approvals for all! 🛑
— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 17, 2022
As of press time, the company had since restored operations and had introduced an update that removes the wallet login option. Users can log in to the platform through their Twitter or Discord accounts, an option that Premint claims is “safer and more convenient, especially for those logging in on mobile.”
Starting today, you don’t need your wallet when logging back in to PREMINT.
— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 18, 2022
Now, once you’ve connected your Twitter or Discord accounts to your wallet (https://t.co/rdjDd5qUcM), use them to log in to your account.
It’s safer and way more convenient. Especially on mobile! pic.twitter.com/BSSyzx7zkj
The Premint attack is the latest in a long string of hacks in the NFT space in the last few months. In May, American actor and comedian Seth Green lost four NFTs worth more than $300,000 to a phishing scam. A Footprint Analytics report claims that 5% of the total hacks in web3 during the second quarter of 2022 were NFT-related.
Check our guide of the most promising crypto
