430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever

Threat actors hacked the popular NFT platform, Premint NFT and stole 314 NFTs. The popular NFT platform, Premint NFT, was hacked, the threat actors compromised its official website and stole 314 NFTs. According to the experts from blockchain security firm CertiK, this is one of the biggest NFT hacks on record. The analysis of the […]

Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever

Threat actors hacked the popular NFT platform, Premint NFT and stole 314 NFTs.

The popular NFT platform, Premint NFT, was hacked, the threat actors compromised its official website and stole 314 NFTs. According to the experts from blockchain security firm CertiK, this is one of the biggest NFT hacks on record.

Premint NFT

The analysis of the experts revealed that the threat actors planted a malicious JavaScript code to premint.xyz. The script was designed to instruct users to “set approvals for all” when connecting their wallets to the site, this trick allowed the attacker to access their crypto assets.

“Whilst the malicious file is no longer available due to the Domain Name Server no longer existing, the effects of the attack are visible on-chain. In total, six externally owned accounts (EOAs) are directly associated with the attack, with approx 275 ETH stolen (~$375k).” read a statement from CertiK.

The attack began at 07:25 AM UTC, when attackers transferred the first stolen NFTs to wallets under their control. The hack involved six EOAs, the good news is that two of these have been caught early and victims get their funds back by calling ‘revoke.cash.’

Users are urged to avoid signing transactions that say ‘set approvals for all.’

“Attacks such as these exploit the centralization issues and single-points of failure that come with web3 projects’ reliance on web2 infrastructures.” continues Certik. “Hacks of this kind are becoming increasingly popular, with CertiK’s Q2 report detailing how there has been a marked increase in attackers targeting other official accounts such as social media platforms to conduct exploits.”

Certik experts provide recommendations to prevent this kind of incidents, web3 projects should always build practices of decentralization around points that entail centralization risk and single-points of failure.

The experts recommend to require multiple signatures when granting access to accounts with privileged controls, and also revoke access to these accounts after each use.

“The exploit continues the growing trend that we’ve seen in which hackers leverage vulnerabilities in web2 to exploit web3 projects. It’s clear from this that the web3 ecosystem needs to take into account the interconnects with web2 technologies, particularly at points where its reliance on them becomes a vulnerability.’ said CertiK CEO and Co-founder Ronghui Gu.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Premint NFT)

[adrotate banner=”5″]

[adrotate banner=”13″]