The Trust Project is a worldwide group of news organizations working to establish transparency standards.
On Saturday night, July 16, anonymous cybercriminals hacked the NFT registration platform Premint.
On July 17, Premint users noticed a fake pop-up that asked for wallet information and warned others about it.
“Thanks to the incredible Web3 community spreading warnings, a relatively small number of users fell for this,” tweeted Premint on the same day.
However, that’s not to say no users were affected. Hackers still managed to steal more than 320 blue-chip NFTs, including BAYC, Goblintown, and Moonbirds. In addition, they took 275 ETH, currently worth more than $400,000.
Afterward, cybercriminals sent funds to Tornado Cash, a service that mixes users’ crypto with a pool of other users’ assets, making them almost impossible to track.
The Premint team is currently investigating the attack. The platform’s customers are asking for compensation, but the company has not given any official response to affected users yet.
It’s worth noting that Premint was planning to roll out a new security feature the following week. The update would allow users to log into Premint via Discord or Twitter without entering wallet details. However, the feature has not been introduced.
Following the accident, the company rolled out the new log-in mode on July 18.
As a side note, Yuga Labs, the company behind Bored Ape Yacht Club, also warns users about a possible coordinated attack.
Phishing scams and hacks are common in the Web3 space. Since the beginning of 2022, over $1.97 billion in Web3 assets were stolen, with the biggest hack belonging to Ronin.
Read related posts:
Any data, text, or other content on this page is provided as general market information and not as investment advice. Past performance is not necessarily an indicator of future results.