Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever

Threat actors hacked the popular NFT platform, Premint NFT and stole 314 NFTs.

The popular NFT platform, Premint NFT, was hacked, the threat actors compromised its official website and stole 314 NFTs. According to the experts from blockchain security firm CertiK, this is one of the biggest NFT hacks on record.

The analysis of the experts revealed that the threat actors planted a malicious JavaScript code to premint.xyz. The script was designed to instruct users to “set approvals for all” when connecting their wallets to the site, this trick allowed the attacker to access their crypto assets.

“Whilst the malicious file is no longer available due to the Domain Name Server no longer existing, the effects of the attack are visible on-chain. In total, six externally owned accounts (EOAs) are directly associated with the attack, with approx 275 ETH stolen (~$375k).” read a statement from CertiK.

The attack began at 07:25 AM UTC, when attackers transferred the first stolen NFTs to wallets under their control. The hack involved six EOAs, the good news is that two of these have been caught early and victims get their funds back by calling ‘revoke.cash.’

Users are urged to avoid signing transactions that say ‘set approvals for all.’

“Attacks such as these exploit the centralization issues and single-points of failure that come with web3 projects’ reliance on web2 infrastructures.” continues Certik. “Hacks of this kind are becoming increasingly popular, with CertiK’s Q2 report detailing how there has been a marked increase in attackers targeting other official accounts such as social media platforms to conduct exploits.”

Certik experts provide recommendations to prevent this kind of incidents, web3 projects should always build practices of decentralization around points that entail centralization risk and single-points of failure.

The experts recommend to require multiple signatures when granting access to accounts with privileged controls, and also revoke access to these accounts after each use.

“The exploit continues the growing trend that we’ve seen in which hackers leverage vulnerabilities in web2 to exploit web3 projects. It’s clear from this that the web3 ecosystem needs to take into account the interconnects with web2 technologies, particularly at points where its reliance on them becomes a vulnerability.’ said CertiK CEO and Co-founder Ronghui Gu.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Premint NFT)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.