300+ NFTs Stolen, $400K in Ethereum Taken In Premint Hack

Jamal Molla
Written By Jamal Molla
I write about cryptocurrency, with a special interest in NFT and metaverse in particular.

One of the biggest hacks in recent times occurred on Sunday. Hackers gained access to the popular NFT registration platform, Premint, and stole over $400K in Ethereum profit as well as over 320 NFTs in a single operation. The hackers used a fake pop-up to hoodwink Premint users into disclosing their wallet information.

According to Certik, a popular and reputable blockchain security firm, the hackers used a malicious JavaScript code to gain access to the Premint website. After gaining access to the site, they then created a pop-up within the site as an additional security measure, which promoted users to verify their wallet ownership.

Some Premint users immediately realize that the pop-up was a scam and quickly warn other users not to fall for the gimmick through Twitter and Discord. However, before the warning went viral, some users had already verified their wallet ownership using the pop-up; thereby losing their money and NFTs to the scammers.

The stolen NFTs were those from popular collections like Bored Ape Yacht Club, Moonbirds Oddities, Otherwise, and Goblintown. After stealing these NFTs, the hackers immediately rushed down to secondary marketplaces like OpenSea to flip them for real-world money. In one of the deals, one Bored Ape NFT traded for 89 ETH or $132,000.

After flipping the NFTs on OpenSea, the hackers sent the funds to Tornado Cash to wipe out the digital trail typically left by blockchain transactions. Tornado Cash is a popular crypto mixing service that NFT users can use to mix different assets with a view of wiping any blockchain traces. Tornado Cash has been in the news lately for being a hotbed where cybercriminals run to when they need to “clean up” stolen cryptocurrency. While the hack on Premint lasted, it was reported that over $400K in Ethereum and 320 NFTs were stolen.

After the hack, Premint took to their social media platforms to acknowledge the hack and vehemently assured its users that it is working to improve the platform’s security. “Thanks to the incredible web3 community spreading warnings, a relatively small number of users fell for the hack,” the company’s spokesperson tweeted. However, some Premint users have resorted to Twitter to vent their anger. Some asked whether the company will refund them the stolen assets.

NFTs are now a way for documents to be served in UK courts. Users can file a court case and pursue their case to a logical conclusion using NFTs. Meanwhile, this is not the only hack the NFT space has recorded. In February, there was a phishing scam on OpenSea, which saw the loss of over $1.7 million worth of NFTs. Similarly, in April, Bored Ape Yacht Club reported that its Instagram account was hacked leading to the loss of over $2.8 million NFTs.

Leave a Comment