Threat actors have hacked the official website of popular non-fungible token (NFT) platform PREMINT and stole $375,000 worth of assets in one of the biggest NFT heists ever recorded.
The hackers injected malicious JavaScript code into PREMINT’s website via URL. However, the file became unavailable after the Domain Name Server (DNS) was taken down.
The malicious code deceived users into allowing “set approvals for all” permissions for their crypto wallets, which gave the attackers access to their assets.
At this point, six Externally Owned Accounts (EOAs) are directly tied to the attack, according to blockchain security firm Certik last week. The threat actors stole approximately 275 ETH (around $375,000) worth of NFTs from compromised accounts.
“In total, both wallets stole 314 NFTs including BAYC, Otherside, Globlintown, et al,” read the company’s report. “In total, ~275 ETH was lost in the attack amounting to $374,417.66, making it one of the largest NFT hacks this year.”
On Sunday, PREMINT informed its followers on Twitter that its website was compromised. The NFT platform has also started to gather data in order to build a full list of wallets impacted by the attack and disclosed that several crypto wallets were flagged by Etherscan for stealing assets.
“Last night, a file was manipulated on PREMINT by an unknown third party that led to users being presented with a wallet connection that was malicious,” PREMINT said. “This issue only affected users who connected a wallet via this dialog after midnight Pacific time. Thanks to the incredible web3 community spreading warnings, a relatively small number of users fell for this. We took the site down early this morning to fix the issue.”
PREMINT recommended that users who believe that their wallet has been compromised should take steps to revoke malicious permissions or move their assets to another wallet. The platform also emphasized the importance of not signing any “set approval for all” transactions in a separate tweet on Sunday.