Premint, an NFT registration platform has found itself in a vulnerable situation after its system was breached by hackers over the weekend. In total, 320 NFTs were stolen by the hacker(s), who then re-sold them on NFT marketplaces like OpenSea and churned a total of $400,000 (roughly Rs. 3.20 crore) in 275 Ether tokens. This breach of the Premint systems mark for one of the biggest attacks that the blockchain industry has witnessed so far in 2022.
As described on its website, Premint allows NFT artists around from the world to build access lists with randomly selected collectors and community members to use for presales and giveaways. The platform has been used by top NFT artists and collectors like Coldie, DeekayMotion, Cool Cats, Known Origin, Async Art, and Shaq among others.
Many people realised this scam and also posted warning messages on Twitter, alerting other Premint users.
:rotating_light: @PREMINT_NFT HACK UPDATES#:rotating_light:
If you signed this transaction, paid gas and gave permissions. Please go to t.co/5TAAzv4eYR to remove permission from the hacker’s wallet or transfer out everything valuable ASAP.
RT for awareness. Stay safe my friends. :muscle::skin-tone-2: pic.twitter.com/uZ5d8D2yM8
— Rosymonster (@rosymonsterr) July 17, 2022
:rotating_light:URGENT PSA :rotating_light:
Premint has been compromised. Do NOT confirm any transactions, it will drain your wallet pic.twitter.com/PJnz30Nfqn
— Cryptovalley | Amassing.eth (@SpiritAzuki) July 17, 2022
With premint hack reports of even more wallets being drained and it is sad
No one deserves that
Please stop minting from a wallet containing assets. Mint from an empty wallet trusted project or not
One simple action can save you. Please spread
— Tony365.x | :flag-lb:961.eth (@Tony365dotX) July 17, 2022
The hacker(s) managed to get hands on expensive NFTs from popular series of digital collectibles including Bored Ape Yacht Club (BAYC), Otherside, Moonbirds Oddities, and Goblintown, a Decrypt report said.
The 275 Ether tokens that the hacker(s) garnered by flipping these stolen NFTs were then wired into unknown wallets after having been passed from the TornadoCash crypto mixer. These are privacy tools that remove any digital signatures associated with a trade and allow complete anonymous crypto transactions between two wallets.
The percentage of funds passing through crypto mixers from the custody of cyber criminals touched $51.8 million (roughly Rs. 413 crore) in April 2022.
Premint has been updating people about this breach on Twitter.
Last night, a file was manipulated on PREMINT by an unknown third party that led to users being presented with a wallet connection that was malicious.
— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 17, 2022
So far in 2022, cyber criminals have stolen over $1.7 billion (roughly Rs. 13,210 crore) in digital assets with Decentralised Finance (DeFi) protocols accounting for 97 percent of the total, a report by Chainalysis had recently claimed.
The $600 million (roughly Rs. 4,660 crore) Ronin bridge breach in late March and the $320 million (roughly Rs. 2,486 crore) Wormhole attack in February were the main sources of the loot.
In February, OpenSea also suffered a phishing attack, losing $1.7 million (roughly Rs. 12.5 crore).
In a bid to mitigate risks from crypto hacking attempts, blockchain research firm Chainalysis has launched a hotline to accept reports of such events. If entities are approached with suspicious crypto payment requests from strangers, they can call up this hotline and register their alerts.