According to security information provided by CertiK, the Premint website, a well-known NFT whitelist platform, was compromised on Sunday. Losses from the attack are believed to total about $375,000.
Premint Attacked
One of the biggest non-fungible token breaches of the year resulted in the theft of at least 314 blockchain entries, totaling around $375,000, from customers of the Premint NFT platform.
According to the crypto security company CertiK, the issue started with an injection of malicious JavaScript and affected wallets storing NFTs like Bored Ape Yacht Club and Oddities. Premint tweeted that affected users received a pop-up asking them to confirm ownership of their wallet. Users of the website can sign up to be added to a database of prospective buyers of new NFT projects.
The message also persuaded users to enable a “SetApprovalForAll” feature in their wallets, allowing hackers to steal money from their accounts. Premint claims that only a “relatively small number of users” were fooled by the prompt and that it has increased security.
SetApprovalForAll is designed to let users of decentralized finance platforms consent in advance to the later transfer of particular tokens that have been pre-selected by an underlying smart contract. Threat actors abuse the feature to transfer all of the tokens belonging to other users to their own wallets.
The hack has been effectively closed, and PREMINT has updated their website as of this writing.
Users can now log back into the platform using their Twitter or Discord accounts instead of wallets, according to an update pinned to the website by PREMINT. This is secure and far more convenient, especially on mobile devices.
Safety Measures
The Premint team posted a warning on Twitter earlier, telling users to revoke access to their wallets if they think their wallets were compromised in the hack and not to approve any transactions that ask them to “set approvals for all.” The website was momentarily taken offline for a fix.
The platform briefly shut down its website and advised disabling the “set approval for all” feature using Revoke Cash or Etherscan and relocating any assets to a different wallet. With the use of an event report form, the business is gathering a list of stolen items and using it to trace their whereabouts.
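As an added example (not code from Premint, CertiK or this article), the JavaScript below shows how a wallet-side check could recognize a SetApprovalForAll request in raw transaction data before it is signed, and how the revoking call mentioned above is encoded. The function names, the trusted-operator allow-list and the sample addresses are assumptions constructed for illustration; 0xa22cb465 is the standard selector of setApprovalForAll(address,bool).

```javascript
// Added example: recognize setApprovalForAll(address operator, bool approved)
// in raw transaction calldata before it is signed.
const SELECTOR = "a22cb465"; // 4-byte selector of setApprovalForAll(address,bool)

// Returns {operator, approved}, or null if this is not a well-formed call.
function decodeSetApprovalForAll(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  // selector (8 hex chars) + two 32-byte ABI words (128 hex chars)
  if (!/^[0-9a-f]{136}$/.test(hex) || !hex.startsWith(SELECTOR)) return null;
  const operatorWord = hex.slice(8, 72);
  const approvedWord = hex.slice(72);
  // An address occupies the low 20 bytes; a bool is exactly 0 or 1.
  if (!/^0{24}/.test(operatorWord) || !/^0{63}[01]$/.test(approvedWord)) return null;
  return { operator: "0x" + operatorWord.slice(24), approved: approvedWord.endsWith("1") };
}

// Classify a pending transaction {to, data} for a wallet-side prompt.
// trustedOperators is a hypothetical user-maintained allow-list (lowercase).
function reviewTransaction(tx, trustedOperators = new Set()) {
  const call = decodeSetApprovalForAll(tx.data);
  if (!call) return { verdict: "not-approval-for-all" };
  const base = { collection: String(tx.to).toLowerCase(), operator: call.operator };
  if (!call.approved) return { verdict: "revoke", ...base };
  const known = trustedOperators.has(call.operator);
  return { verdict: known ? "grant-known-operator" : "grant-unknown-operator", ...base };
}

// Calldata that undoes a grant: setApprovalForAll(operator, false),
// sent to the same NFT collection contract the grant was made on.
function buildRevokeCalldata(operator) {
  const addr = String(operator).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{40}$/.test(addr)) throw new Error("operator must be a 20-byte hex address");
  return "0x" + SELECTOR + addr.padStart(64, "0") + "0".repeat(64);
}

// Constructed sample values, not taken from the incident.
const SAMPLE_COLLECTION = "0x" + "11".repeat(20);
const SAMPLE_OPERATOR = "0x" + "ab".repeat(20);
const SAMPLE_GRANT = "0x" + SELECTOR + "0".repeat(24) + "ab".repeat(20) + "0".repeat(63) + "1";

console.log(reviewTransaction({ to: SAMPLE_COLLECTION, data: SAMPLE_GRANT }));
console.log(reviewTransaction({ to: SAMPLE_COLLECTION, data: buildRevokeCalldata(SAMPLE_OPERATOR) }));
```

A grant covers every token the owner holds in that one collection, so a revoke has to be sent per collection and per operator.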
The website was operational at the time this was written. Thanks to a Premint update, users no longer have to log in to the website using their wallets; they can now log back into the platform using their Twitter or Discord accounts instead. This is much safer and more practical, particularly on mobile.
Furthermore, PREMINT informed its community that they are trying to recover affected users’ wallets and their stolen assets. “We are actively working together to get a full list of wallets that had assets taken from them.”
The number of NFT hacks has significantly increased since last year, with PREMINT being the most recent victim. Earlier on Friday, a hacker targeted NFT Artist DeeKay’s Twitter account. According to reports, the attack caused NFT losses of $150,000.
Being extra cautious while approving any transactions is now more crucial than ever due to the increase in NFT scams.