On Sunday, Premint users were the targets of a hack in which 400k in Ethereum was accumulated from the sale of 300 stolen NFTs. Multiple users fell for the scam. The hack is among the biggest in the busiest quarter of the busiest year for crypto scammers.
When people logged in to the hacked site, a pop-up appeared promoting a new security feature.
What happened on the NFT registration platform Premint
The first official report of the attack on the Premint website came at 8.00 UTC, in a tweet from the Premint Twitter account. They directed all users not to sign any transactions asking them to “Set Approval For All”. The first two wallets, however, had started getting drained at 7.25 am.
The corrupted file showed up as a pop-up on the site warning Premint customers to verify their wallet ownership for better security.
In reality, once you clicked on the pop-up, you were giving the hacker consent to remove NFTs from your wallet without the need for further permission.
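As an added example (not from the original article or from Premint), the JavaScript below shows how a wallet-side check could recognize a "Set Approval For All" request in a transaction's calldata before it is signed. The allowlist, the function names and both sample addresses are assumptions constructed for illustration.

```javascript
// Added example (not Premint's code): flag "Set Approval For All" requests
// in a pending transaction's calldata before the user signs.
const SET_APPROVAL_FOR_ALL = "a22cb465"; // selector of setApprovalForAll(address,bool)

// Hypothetical allowlist of operators the user has chosen to trust (lowercase).
const TRUSTED_OPERATORS = new Set(["0x" + "11".repeat(20)]); // constructed address

function inspectCalldata(data, trusted = TRUSTED_OPERATORS) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (hex.length % 2 !== 0 || !/^[0-9a-f]*$/.test(hex)) {
    return { kind: "invalid", risky: true, reason: "calldata is not valid hex" };
  }
  if (hex.slice(0, 8) !== SET_APPROVAL_FOR_ALL) {
    return { kind: "other", risky: false }; // other calls are not inspected here
  }
  const args = hex.slice(8);
  if (args.length < 128) {
    // Two 32-byte words are required; fail closed on anything shorter.
    return { kind: "setApprovalForAll", risky: true, reason: "truncated arguments" };
  }
  const operator = "0x" + args.slice(24, 64); // address = low 20 bytes of word 1
  const approved = /[1-9a-f]/.test(args.slice(64, 128)); // word 2 is non-zero
  if (!approved) {
    return { kind: "setApprovalForAll", operator, approved, risky: false,
             reason: "revokes an existing approval" };
  }
  const known = trusted.has(operator);
  return { kind: "setApprovalForAll", operator, approved, risky: !known,
           reason: known ? "operator is on the allowlist"
                         : "lets an unknown operator move every NFT in the collection" };
}

// Constructed sample calldata: selector, padded operator address, padded bool.
function sampleCalldata(operator, approved) {
  const addr = operator.toLowerCase().replace(/^0x/, "").padStart(64, "0");
  const flag = (approved ? "1" : "0").padStart(64, "0");
  return "0x" + SET_APPROVAL_FOR_ALL + addr + flag;
}

const UNKNOWN = "0x" + "ab".repeat(20); // constructed, stands in for an unknown operator
console.log(inspectCalldata(sampleCalldata(UNKNOWN, true)));
```

A wallet or browser extension would run a check like this on the `data` field of each transaction request and require explicit confirmation whenever `risky` is true.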
Among the haul the scammers removed from the first two wallets at the popular NFT registration platform Premint were NFTs from Bored Ape Yacht Club, Oddities, Goblintown, and Otherside.
Once removed, the hackers immediately began flipping the stolen NFTs. The tally from the Premint hack was over 300 NFTs stolen and 400k in Ethereum taken.
After selling the 300-plus NFTs, the scammers sent the 275 Ethereum accumulated to Tornado Cash. In doing so, they wiped away their digital footprints.
Tornado Cash and other crypto aggregating services are a favored means for criminals to clean their ill-gotten gains.
Something Phishy Going On
Several Premint customers realized a phishing scam was in progress and alerted others to the fact via Twitter. The warnings were acknowledged in a tweet from Premint thanking the web3 community for their swift reaction to the breach.
However, some later criticized the company for the length of time it took them to discover the hack. The attack was ongoing for at least 7 hours.
Once Premint realized an attack was underway, the Premint leadership shut the site down and immediately informed their followers that hackers had compromised the Premint website.
They assure users the website is again safe and that an investigation into the hack is underway, and they have published the addresses used in the attack. Furthermore, they urge those affected to contact them.
Are you one of the Premint users affected?
Overall, a small number of wallets were affected, which is no consolation to those that were. According to a thread on the Premint Twitter account, any Premint customer affected by the hack should add their wallet address to a Google Sheet linked from the tweet.
Future Hacks Assured
Crypto has had its fair share of high-profile scams and hacks, but the rate and size of such nefarious schemes in the first half of 2022 are heartbreaking.
As you read this, hackers are searching and trying to worm their way into vulnerable websites. They never take a break.
For instance, in a recent tweet, Yuga Labs warned its NFT owners to be on guard for an imminent attack from a ‘persistent threat group that targets the NFT community’.
The tweet further stated, “they may soon be launching a coordinated attack targeting multiple communities via compromised social media accounts.”
Yet again, we are reporting on NFT enthusiasts getting their money and digital assets stolen. The 400k in Ethereum taken in the Premint hack is another blow to investors. Please be careful out there. Read this article on how to protect your NFTs.