NFT platform Premint was attacked on July 17th. A hacker reportedly injected a malicious JS file to Premint’s website, which tricked unsuspecting users into signing a transaction of “setApprovalForAll(address,bool).”
About 314 NFTs, including BAYC, Otherside, Globlintownm, etc., were stolen from the users as a result. The total losses are estimated to be around 275 ETH or $374,417.66 at the time. Blockchain security firm CertiK said, “it’s one of the largest NFT hacks this year.”
Premint’s website was temporarily taken down for a fix. Now, the site has been updated to remove the need for users to log in using their wallets. The users can now use Twitter or Discord accounts rather than wallets when logging back into the platform. “It’s safer and way more convenient. Especially on mobile.”
The vulnerability has been identified and fixed. Premint has advised all users to revoke access to the platform if they feel that their wallet was compromised amid the incident.
The rate of NFT scams has been increasing over the past months, following the growing attention and trades in the market. Phishing scams and suspicious pop-ups are some of the common tactics used by these scammers.
A good way to avoid losing your assets to scammers is not to sign any/every transaction strange to you. It’s also helpful to read transaction details before approving them. Also, revoke wallet access to applications to do not use anymore.