NFT security is a hot-button issue these days, and for good reason. Every other week, there is one story or the other about a platform or account getting hacked and criminals trying to make away with users’ NFTs, often to the tune of hundreds of thousands of dollars.
The latest hack was targeted at Premit, an NFT registration site. According to reports, hackers were able to infiltrate the site and place a fake pop-up link that let them gain access to users’ wallets. An estimated $400,000+ worth of NFTs has also been stolen in this hack.
Hack Details
The hack in question took place on July 17, 2022, and involved a pop-up which prompted users to verify their wallet ownership. While some people immediately found it suspicious and took to social media to speak about it, not everyone was so lucky.
As per reports, the hackers were able to make away with over 320 NFTs worth $400,000. Some of the NFTs that were stolen were allegedly from collections like Bored Ape Yacht Club and Moonbirds. Unfortunately, soon after the hack, many of the NFTs were sold on various marketplaces, making them even harder to recover.
To make things worse, the funds that were raised from selling the stolen crypto were sent to Tornado Cash, a crypto mixing service that essentially erases the digital footprint of the tokens. Needless to say, rectifying the issue might be an uphill battle.
The day after the incident, Premint sent out a number of tweets acknowledging the hack and shedding some light on what had happened.
“This issue only affected users who connected a wallet via this dialog after midnight Pacific time. Thanks to the incredible web3 community spreading warnings, a relatively small number of users fell for this. We took the site down early this morning to fix the issue,” the tweet said, adding that management was collating a list of wallets that had been affected and flagging the wallets that had been involved in the theft.
Soon after, Premit also launched a new feature that allows users to log in to their accounts from Twitter and Discord without having to enter their wallet details. The platform had planned to roll out the feature later but did so earlier following the entire hacking incident.
More updates are expected from Premint as time goes on.
Securing NFT Assets
Hacks and overall asset security have been major issues within the NFT space for a while now and unfortunately, attacks like these have become all too commonplace. Whether it is a Twitter account or a whole website, platforms are being hacked and malicious links are being posted to gain access to users’ digital asset wallets.
Unfortunately, many of these schemes are becoming more sophisticated and harder to detect even by experienced users. But just like with the new feature rolled out by Premint, it is up to those within the industry to develop tools and resources that can curb the likelihood of these attacks.