The popular NFT platform Premint NFT was hacked: threat actors compromised its official website and stole 314 NFTs. According to experts from blockchain security firm CertiK, this is one of the biggest NFT hacks on record.
The experts' analysis revealed that the threat actors planted malicious JavaScript code on premint.xyz. The script instructed users to “set approvals for all” when connecting their wallets to the site, a trick that gave the attacker access to their crypto assets.
“Whilst the malicious file is no longer available due to the Domain Name Server no longer existing, the effects of the attack are visible on-chain. In total, six externally owned accounts (EOAs) are directly associated with the attack, with approx 275 ETH stolen (~$375k).” read a statement from CertiK.
The attack began at 07:25 AM UTC, when attackers transferred the first stolen NFTs to wallets under their control. The hack involved six EOAs; the good news is that two of these were caught early, and victims get their funds back by calling ‘revoke.cash.’
Users are urged to avoid signing transactions that say ‘set approvals for all.’
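The advice above can be checked mechanically before a wallet signs anything. The following is an added example, not code from CertiK or Premint: it decodes transaction calldata and flags a blanket operator grant, relying on `0xa22cb465` being the selector of the ERC-721/ERC-1155 `setApprovalForAll(address,bool)` function. The operator address, the allowlist and all function names are constructed for illustration.

```javascript
// setApprovalForAll(address,bool) selector, shared by ERC-721 and ERC-1155.
const SET_APPROVAL_FOR_ALL = "a22cb465";

// Constructed sample values (not taken from the incident).
const SAMPLE_OPERATOR = "0x" + "11".repeat(20);
function sampleCalldata(approved) {
  return "0x" + SET_APPROVAL_FOR_ALL + "0".repeat(24) + "11".repeat(20) +
         "0".repeat(63) + (approved ? "1" : "0");
}

// Classify calldata: grant-all, revoke-all, malformed-approval, other, invalid.
function inspectCalldata(data) {
  if (typeof data !== "string" || !/^0x([0-9a-fA-F]{2})*$/.test(data)) {
    return { kind: "invalid" };
  }
  const hex = data.slice(2).toLowerCase();
  if (hex.slice(0, 8) !== SET_APPROVAL_FOR_ALL) return { kind: "other" };
  // Selector (4 bytes) plus two 32-byte ABI words: 8 + 128 hex characters.
  if (hex.length !== 136) return { kind: "malformed-approval" };
  const operatorWord = hex.slice(8, 72);
  const approvedWord = hex.slice(72, 136);
  // Address sits in the low 20 bytes; a strict ABI bool is exactly 0 or 1.
  if (!/^0{24}/.test(operatorWord) || !/^0{63}[01]$/.test(approvedWord)) {
    return { kind: "malformed-approval" };
  }
  const operator = "0x" + operatorWord.slice(24);
  const kind = approvedWord.endsWith("1") ? "grant-all" : "revoke-all";
  return { kind, operator };
}

// Policy: refuse blanket grants to operators the user has not allowlisted,
// and refuse anything that carries the selector but does not decode cleanly.
// Revocations (approved = false) always pass.
function shouldBlock(tx, trustedOperators = []) {
  const result = inspectCalldata(tx.data ?? "0x");
  if (result.kind === "invalid" || result.kind === "malformed-approval") {
    return true;
  }
  if (result.kind !== "grant-all") return false;
  const trusted = trustedOperators.map((a) => a.toLowerCase());
  return !trusted.includes(result.operator);
}
```

Revocations are deliberately let through, since withdrawing an operator's approval is the same function called with `false`.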
“Attacks such as these exploit the centralization issues and single-points of failure that come with web3 projects’ reliance on web2 infrastructures.” continues CertiK. “Hacks of this kind are becoming increasingly popular, with CertiK’s Q2 report detailing how there has been a marked increase in attackers targeting other official accounts such as social media platforms to conduct exploits.”
CertiK experts provide recommendations to prevent this kind of incident: web3 projects should always build practices of decentralization around points that entail centralization risk and single points of failure.
The experts recommend requiring multiple signatures when granting access to accounts with privileged controls, and revoking access to these accounts after each use.
“The exploit continues the growing trend that we’ve seen in which hackers leverage vulnerabilities in web2 to exploit web3 projects. It’s clear from this that the web3 ecosystem needs to take into account the interconnects with web2 technologies, particularly at points where its reliance on them becomes a vulnerability.” said CertiK CEO and Co-founder Ronghui Gu.