Premint, a popular NFT platform, was hacked on July 17, with a total loss of about $ 400,000 for users who clicked on malicious links.
According to the information available, hackers compromised Premint’s website by adding malicious JS files to the site. An unprotected user who clicked on the link gave the hacker access to steal the NFT in the wallet.
Over 300 NFTs lost
Blockchain security company Certik Confirmed A hacker stole a 314 NFT. This included NFTs from notable projects such as Bored Ape, Goblintown and Otherside.
We are actively working to get a complete list of wallets that have acquired assets.
These are the wallets that Etherscan has flagged to steal assets.
– –https://t.co/l3yEk2tUDs
– – https://t.co/wdo7sJMia1
– – https://t.co/8bBEgpKupN
– – https://t.co/iY4tna437S— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 17, 2022
Premint confirmed the hack, stating that only “a relatively small number of users” were affected, and added that Etherscan had it. Identified Four wallets connected to the attack.
The total value of Ethereum (ETH) for stolen assets is estimated at 275 ETH and is worth more than $ 400,000.
🛑 Don’t sign deals that set approvals for everyone! 🛑
— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 17, 2022
The attack occurred hours after Premint warning The user “Don’t sign a transaction to set approval for everyone!”
Today, we have made many great security updates to PREMINT as an ongoing effort to keep collectors safe. I touched everything from dashboards to project pages to emails. The summary is as follows:
🧵
— Brend Ξn Mulligan | PREMINT (@mulligan) July 8, 2022
Premint restores service
Premint has added an update that can restore the health of its website and remove the login feature of the wallet.
Starting today, you don’t need a wallet to log in to PREMINT again.
Now when you connect your Twitter or Discord account to your wallet (https://t.co/rdjDd5qUcM), Use them to log in to your account.
It’s safer and much more convenient. Especially on mobile! pic.twitter.com/BSSyzx7zkj
— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 18, 2022
Users can now log in to the platform through the platform Discord or Twitter social media accounts. Claim “It’s safer and more convenient, especially for those who are logged in on mobile.”
PREMINT can log in securely. After connecting the wallet, the gas-free signature confirmation screen will be displayed.
It never requests access to a transaction. Also, you will not see the gas associated with connecting to PREMINT.
— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 18, 2022
We also instructed affected users to add the wallet address to the document.
If you were affected by today’s PREMINT incident, add your wallet here. https://t.co/gvNiOyD24M
— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 17, 2022
However, there is no information about when and how to get a refund.
NFT hack
The latest attacks on Premint are the latest in a long line of hacks in NFT space in a relatively short amount of time.
🚨🚨🚨🚨
Please ensure your safety.
DeeKay’s Twitter has been hacked. pic.twitter.com/qpZtlHF8UR— Sean (@SeanOhio_) July 15, 2022
On July 15th, renowned NFT artist Dee Kay lost $ 150,000 worth of NFTs to a malicious player.
According to a Footprint Analytics report, about 5% of all hacking that occurred in web3 in the second quarter of 2022 occurred in NFTs.