PREMINT, an NFT registration platform, has notified users via Twitter that an unknown party had stolen US$400,000 in ETH via a malicious wallet connection:
Hackers Secure Premint Bag
In this year’s most recent hack, 320 NFTs were stolen from the PREMINT site. CertiK, a blockchain security firm, analysed the situation and found that malicious JavaScript code had been utilised in the hack. This code created a pop-up within the site which prompted users to verify their wallet ownership. Despite many taking to Twitter to issue a warning, the hackers had already duped six PREMINT customers in mere minutes:
The stolen NFTs included Bored Apes, Moonbirds, and Goblintowns. Once they were obtained, the hacker sent the funds to Tornado Cash to wipe the digital trail left by blockchain transactions.
PREMINT has thanked those of its customers who have helped minimise the impact of the hack and are accumulating data on all NFTs stolen.
Other 2022 Phishing Attacks
Phishing attacks seem to be increasing in frequency this year, with multiple sizeable thefts across the end of the first quarter. A total of 35 NFTs were stolen in early April, including a Mutant and Bored Ape. The attack was carried out via several hacked verified Twitter accounts with the total stolen value exceeding US$900,000.
A month later, 29 Moonbird tokens were stolen when a malicious link wired a scammer US$1.5 million worth of Moonbird NFTs from a Proof Collective member. At the time, the Collective was working on a full report in collaboration with the FBI.