Trusted

Hackers Flip 300+ Stolen NFTs for $400K After PREMINT Website Compromised

2 mins
Updated by Ryan Boltman
Join our Trading Community on Telegram

In Brief

  • Hackers perpetrated a phishing-style attack through the Premint website this weekend.
  • Over 300 NFTs were stolen valuing over $400,0000.
  • The most expensive single NFT stolen was a Bored Ape worth 91 ETH.
  • promo

The PREMINT website was compromised this weekend when hackers installed a popup that prompted site visitors to grant access to their crypto wallet

Users unlucky enough to fall for the scam had their wallets drained of NFTs. The attackers then used NFT marketplaces to flip the stolen goods for crypto. 

According to a security analysis report from Certik over 300 individual NFTs were stolen in the attack, with artworks from BAYC, Otherside, and Goblintown among the losses. One stolen Bored Ape fetched 91 ETH on OpenSea.

Extra security

In the early hours of Sunday morning (UTC) Crypto Twitter user @SpiritAzuki rang the alarm on PREMINT. A screenshot shared by SpiritAzuki shows that the malicious script on the website presented itself to users as a security verification measure.

Within 10 minutes of SpiritAzuki’s warning, PREMINT made their own Twitter post saying “Please do not sign any transactions that say set approvals for all!”

It wasn’t until nearly 12 hours later, however, that PREMINT issued a full statement on the situation.

“Last night, a file was manipulated on PREMINT by an unknown third party that led to users being presented with a wallet connection that was malicious,” said PREMINT via their official Twitter account. “This issue only affected users who connected a wallet via this dialog after midnight Pacific time. Thanks to the incredible web3 community spreading warnings, a relatively small number of users fell for this. We took the site down early this morning to fix the issue.”

For users who had fallen foul of the exploit, the immediate reaction varied between the desperation and shock of one user who claimed to have ‘lost everything’, to more measured responses. 

One user took the philosophical view that the situation could have been far worse.

“I used revoke when I saw the notices but I was evidently too late,” said @Dwayne420. “3 good NFTs I minted using premint were stolen. I only transfer crypto into that wallet when I buy…so glad and there wasn’t much of anything else in there NFT wise.”

Ultimately, what concerned users the most was the prospect of a refund. PREMINT have not yet been specific about their plans in this regard, but they have asked victims to contact them.

Report to PREMINT

PREMINT requests that anyone who fell victim to the scam should contact them via this form. To seek the return of a lost NFT users will need to provide the compromised wallet address, the OpenSea address and their Twitter account details.

What do you think about this subject? Write to us and tell us!

Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

BIC_userpic_sb-01.jpg
Robert D Knight
Robert D Knight is a journalist and copywriter who has specialized in crypto for over four years. His varied experience includes freelancing, in-project contracts, agency work, and PR, giving him a holistic view of the blockchain industry.
READ FULL BIO
Sponsored
Sponsored