Premint website infiltrated by hackers; Stole 320 NFTs on Sunday

SNEAK PEEK

  • Major NFT platform, Premint, attacked by hackers on Sunday, stole 320 NFTs worth $400,000.
  • The Website was breached using malicious JavaScript code.
  • Popular collections such as the Bored Ape Yacht Club, Otherside, Moonbirds Oddities, and Goblin-town were among the stolen NFTs.

Now the concept of Cryptocurrency and NFTs is alluring to investors, and in the past few months, it has become a new target for hackers. 

As a result, one such incident was reported on Sunday. Premint, one of the significant NFT platforms, was infiltrated by the hackers and stole away 320 NFTs, and with them, they made more than $400,000 in profit. It is counted as one of the most significant NFTs attacks of the year.

According to the latest reports from the major blockchain security firms, the Premint website was breached by hackers on Sunday using malicious JavaScript code.   

Then, apparently, as an additional security step, they built a pop-up within the Website that asked visitors to confirm their ownership of their wallets.

Several users immediately exposed the pop-up as fake and promptly took to Twitter and a platform like Discord to warn others not to follow its instructions. But, even then, the hackers were able to scam many Premint users within a matter of minutes. 

Popular collections like Bored Ape Yacht Club, Otherside, Moonbirds Oddities, and Goblin-town were among the stolen NFTs. 

After acquiring these NFTs, the hackers started selling them on platforms like OpenSea; one stolen Bored Ape brought in 89 ETH, or around $132,000.  

The sale of 302 stolen NFTs on Sunday earned roughly 275 ETH or around $400,000 for the hackers. In addition, according to the agencies, the hackers have retained 18 unsold NFTs.  

The latest update from the platform is they are digging into the incident. Going through the latest tweets of the platform, two statements for users have been shared stating: 

  • On Premint, you will never, ever be required to approve any transaction.
  • There will never be a gas fee or anything resembling a transaction; instead, you will be required to *sign* a message upon joining the wallet.