Hacker Stole $375,000 From Premint NFT Platform Users
A hacker gained access to the official website of Premint, an NFT whitelisting platform, and stole $375,000 in NFTs.
A black hat hacker injected a malicious piece of JavaScript code on premint.xyz, instructing users to sign a malicious transaction via a wallet pop-up, according to security firm CertiK. Six users signed the code, granting the hacker complete control over the funds.
“Last night, a file was manipulated on PREMINT by an unknown third party that led to users being presented with a wallet connection that was malicious,” the Premint team stated.
The hacker was able to steal 314 different PREMINT NFTs before the exploit was discovered
NFTs from collections such as Bored Ape Yacht Club, Otherside, Moonbirds Oddities, and Goblintown were included.
The stolen assets were sold for 270 ETH ($375,000) around 07:30 a.m. ET on Sunday. The hacker transferred the proceeds to this address and routed them through Tornado Cash, a popular transaction mixer on the Ethereum network.
The exploit is part of a growing trend in which hackers exploit vulnerabilities in traditional web infrastructure to conduct security exploits on web3 projects.
Last month, hackers used decentralized finance projects Ribbon Finance and Convex Finance’s websites to launch phishing attacks. In other cases, Discord servers, Twitter, and Instagram accounts have been used to spread phishing links intended to steal cryptocurrency and NFTs.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join CoinCu Telegram to keep track of news: https://t.me/coincunews
Follow CoinCu Youtube Channel | Follow CoinCu Facebook page
Annie
CoinCu News