July 19, 2022

Premint compromised: 320 NFTs and $400,000 stolen

Published: July 19, 2022 at 7:08 am Updated: July 26, 2022 at 2:30 am

Premint compromised: 320 NFTs and $400,000 stolen

On Saturday night, July 16, anonymous cybercriminals hacked the NFT registration platform Premint.

Last night, a file was manipulated on PREMINT by an unknown third party that led to users being presented with a wallet connection that was malicious.
— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 17, 2022

On July 17, Premint users noticed a fake pop-up that asked for wallet information and warned others about it.

“Thanks to the incredible Web3 community spreading warnings, a relatively small number of users fell for this,” tweeted Premint on the same day.

However, that’s not to say no users were affected. Hackers still managed to steal more than 320 blue-chip NFTs, including BAYC, Goblintown, and Moonbirds. In addition, they took 275 ETH, currently worth more than $400,000.

Afterward, cybercriminals sent funds to Tornado Cash, a service that mixes users’ crypto with a pool of other users’ assets, making them almost impossible to track.

The Premint team is currently investigating the attack. The platform’s customers are asking for compensation, but the company has not given any official response to affected users yet.

When are we getting refunded?
— Big Fat Newbie (@bigfatnewbie) July 17, 2022

It’s worth noting that Premint was planning to roll out a new security feature the following week. The update would allow users to log into Premint via Discord or Twitter without entering wallet details. However, the feature has not been introduced.

Following the accident, the company rolled out the new log-in mode on July 18.

Was planning on announcing this later this week, but given what’s going on, wanted to roll it out asap. https://t.co/GcyYLxWLNM
— BrendΞn Mulligan | PREMINT (@mulligan) July 18, 2022

As a side note, Yuga Labs, the company behind Bored Ape Yacht Club, also warns users about a possible coordinated attack.

Our security team has been tracking a persistent threat group that targets the NFT community. We believe that they may soon be launching a coordinated attack targeting multiple communities via compromised social media accounts. Please be vigilant and stay safe.
— Yuga Labs (@yugalabs) July 18, 2022

Phishing scams and hacks are common in the Web3 space. Since the beginning of 2022, over $1.97 billion in Web3 assets were stolen, with the biggest hack belonging to Ronin.

Read related posts:

Tags:

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Valeria is a reporter for Metaverse Post. She focuses on fundraises, AI, metaverse, digital fashion, NFTs, and everything web3-related. Valeria has a Master’s degree in Public Communications and is getting her second Major in International Business Management. She dedicates her free time to photography and fashion styling. At the age of 13, Valeria created her first fashion-focused blog, which developed her passion for journalism and style. She is based in northern Italy and often works remotely from different European cities. You can contact her at [email protected]

Valeria Goncharenko