<![CDATA[Using a fraudulent link, hackers steal $400,000 worth of NFTs from Premint users]]>

<![CDATA[Using a fraudulent link, hackers steal $400,000 worth of NFTs from Premint users]]> https://usagag.com/2022/07/18/using-a-fraudulent-link-hackers-steal-400000-worth-of-nfts-from-premint-users/ Mon, 18 Jul 2022 15:44:00 +0000 hourly 1 https://usagag.com Using a fraudulent link, hackers steal $400,000 worth of NFTs from Premint users Popular NFT platform Premint was hacked on July 17, resulting in around $400,000 in losses for customers who clicked on a fraudulent link.

According to available data, the hacker infiltrated the website of Premint by inserting a malicious JS file. Users who clicked on the link without suspicion granted the hacker access to their NFT wallets.

Over 300 NFTs lost

Certik, a blockchain security firm, reported that hackers took 314 NFTs, including tokens from renowned projects such as Bored Ape, Goblintown, and Othercoin.

We are actively working to get a full list of wallets that had assets taken from them.

These are the wallets that Etherscan have flagged for stealing assets.

-https://t.co/l3yEk2tUDs
- https://t.co/wdo7sJMia1
- https://t.co/8bBEgpKupN
- https://t.co/iY4tna437S
— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 17, 2022

Premint verified the breach and stated that a "very limited number of users" were affected. Etherscan detected four wallets associated with the assault.

The entire amount of stolen Ethereum (ETH) assets is anticipated to exceed $400,000, or 275 ETH.

🛑Please do not sign any transactions that say set approvals for all! 🛑
— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 17, 2022

The hack had place hours after Premint urged users not to "sign any transactions that state set approvals for everybody!"

Today we made a lot of great security updates to PREMINT as a continuing effort to keep collectors safe. It touched everything from the dashboard to project pages to emails. Here's a rundown:

🧵
— BrendΞn Mulligan | PREMINT (@mulligan) July 8, 2022

Premint resumes service

Premint was able to return its website to normalcy and has implemented an upgrade that eliminates the wallet login option.

Today we made a lot of great security updates to PREMINT as a continuing effort to keep collectors safe. It touched everything from the dashboard to project pages to emails. Here's a rundown:

🧵
— BrendΞn Mulligan | PREMINT (@mulligan) July 8, 2022

Users may now log in to the site using their Discord or Twitter social network accounts, which the platform claims is "more secure and easy, especially for mobile logins."

Starting today, you don’t need your wallet when logging back in to PREMINT.

Now, once you’ve connected your Twitter or Discord accounts to your wallet (https://t.co/rdjDd5qUcM), use them to log in to your account.

It’s safer and way more convenient. Especially on mobile! pic.twitter.com/BSSyzx7zkj
— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 18, 2022

In addition, it instructed impacted individuals to include their wallet information in a document.

If you were affected by the incident on PREMINT today, please add your wallet here: https://t.co/gvNiOyD24M
— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 17, 2022

However, neither how nor when they would be repaid is specified.

NFT cheats.

The most recent attack on Premint is the latest in a very short series of hacks in the NFT market.

🚨🚨🚨🚨

Be Safe.
DeeKay’s twitter is hacked. pic.twitter.com/qpZtlHF8UR
— sean (@SeanOhio_) July 15, 2022

On July 15, renowned NFT musician DeeKay lost NFTs worth $150,000 due to unscrupulous gamers.

Footprint Analytics said that during the second quarter of 2022, around 5 percent of all web3 attacks occurred in NFTs.

]]>