Hackers steal $400,000 in NFTs from Premint users via malicious link

Popular NFT platform Premint suffered a hack on July 17, resulting in total losses of around $400,000 for users who clicked on a malicious link.

According to available information, the hacker compromised the Premint website by adding a malicious JS file to the site. Unsuspecting users who clicked on the link gave the hacker access to steal the NFTs from their wallets.

More than 300 NFTs lost

Blockchain security company Certik confirmed that hackers stole 314 NFTs, which included NFTs from notable projects like Bored Ape, Goblintown, and Otherside.

Premint confirmed the hack and said that only a “relatively small number of users” had fallen victim and added that Etherscan had identified four wallets connected to the attack.

The total Ethereum (ETH) value of the stolen assets is estimated at 275 ETH, worth over $400,000.

The attack happened hours after Premint warned users not to “sign transactions that say set approvals for all!”

Premint restores service

Premint was able to restore normalcy to its website and added an update that removes the wallet login feature.

Users can now connect to the platform through their Discord or Twitter social media accounts, whether the platform complaints is “safer and more convenient, especially for those connecting on mobile”.

It also asked affected users to add their wallet address to a document.

However, there is no information on how or when they would be refunded.

NFT hacks

The latest attack on Premint is the latest in a long line of hacks in the NFT space in a relatively short time.

On July 15, famed NFT artist DeeKay lost $150,000 worth of NFTs to malicious players.

A report by Footprint Analytics stated that approximately 5% of total web3 hacks in the second quarter of 2022 occurred in NFTs.

Harry D. Gonzalez