Popular NFT platform Premint suffered a hack on July 17, leading to total losses of around $400,000 for users who clicked on a malicious link.
According to available information, the hacker compromised Premint’s website by adding a malicious JS file to the site. Unsuspecting users who clicked on the link gave the hacker access to steal the NFTs in their wallets.
Over 300 NFTs lost
Blockchain security company Certik confirmed that the hackers stole 314 NFTs, which included NFTs from notable projects like Bored Ape, Goblintown, and Otherside.
Premint confirmed the hack and said that only a “relatively small number of users” were victimized and added that Etherscan had identified four wallets connected to the attack.
The total Ethereum (ETH) value of stolen assets is estimated to be 275 ETH, worth over $400,000.
The attack occurred hours after Premint warned users not to “sign any transactions that say set approvals for all!”
Premint restores service
Premint has been able to restore normalcy to its website and has added an update that removes the wallet login feature.
Users can now log in to the platform via their Discord or Twitter social media accounts, which the platform claims is “safer and more convenient, especially for those logging in on mobile.”
It also directed affected users to add their wallet address to a document.
However, there is no information on how or when they would be refunded.
NFT hacks
The latest attack on Premint is the latest in a long line of hacks in the NFT space within a relatively short time.
On July 15, famous NFT artist DeeKay lost $150,000 worth of NFTs to malicious players.
A Footprint Analytics report said around 5% of the total hacks in web3 during the second quarter of 2022 happened in NFTs.