The PREMINT website was compromised this weekend when hackers installed a popup that prompted site visitors to grant access to their crypto wallet.
Users unlucky enough to fall for the scam had their wallets emptied of NFTs. Attackers then used NFT marketplaces to exchange stolen goods for crypto.
According to a security analysis report from Certik over 300 individual NFTs were stolen in the attack, with artworks from BAYC, Otherside, and Goblintown among the losses. One stolen Bored Ape fetched 91 ETH on OpenSea.
Extra security
In the early hours of Sunday morning (UTC) Crypto Twitter User @SpiritAzuki sounded the alarm on PREMINT. A screenshot shared by SpiritAzuki shows that the malicious script on the website presented itself to users as a security verification measure.
Within 10 minutes of SpiritAzuki’s warning, PREMINT made their own Twitter post saying “Please do not sign any transactions that say set approvals for all!”
It wasn’t until nearly 12 hours later, however, that PREMINT issued a full statement on the situation.
“Last night, a file was manipulated on PREMINT by an unknown third party that led to users being presented with a wallet connection that was malicious,” said PREMINT via their official Twitter account. “This issue only affected users who connected a wallet via this dialog after midnight Pacific time. Thanks to the incredible web3 community spreading warnings, a relatively small number of users fell for this. We took the site down early this morning to fix the issue.”
For users who fell foul of the exploit, the immediate reaction ranged from despair to shock from a user who claims from having “lost everything”, to more measured responses.
One user took the philosophical view that the situation could have been far worse.
“I used the revocation when I saw the reviews but was obviously too late,” said @Dwayne420. “3 good NFTs I minted using premint were stolen. I only transfer crypto to this wallet when I buy… so happy and there wasn’t much else there -in regarding the NFT.
Ultimately, what concerned users the most was the prospect of a refund. PREMINT have not yet been specific about their plans in this regard, but they have asked victims to contact them.
Report to PREMINT
PREMINT asks anyone who is a victim of the scam to contact it via this form. To request the return of a lost NFT, users will need to provide the compromised wallet address, OpenSea address, and their Twitter account details.
