Premint Returns $500K in Ethereum to NFT Hack Victims

NFT registration platform Premint, which suffered at the weekend a hack that saw over 300 NFTs stolen from users’ walletsannounced today that they intend to refund the victims of the hack.

In a live streamed event update this afternoon, Premint CEO Brenden Mulligan announced that the company, in collaboration with “a third-party, non-Premint employee” conducted chain analysis this week to compile a list of all NFTs stolen during Sunday’s hack.

During this week, every associated crypto wallet on that list will receive a payment in Ethereum (ETH) corresponding to the minimum price for each stolen NFT at 10am PST this morning. Mulligan told Decrypt the total amount that Premint will refund to defrauded customers will amount to around 340 ETH, or just over $525,000.

“I realize the stolen NFTs were not just NFTs on the floor,” Mulligan said this morning. “Floor” refers to the cheapest available NFT of a given collection. Some of the stolen NFTs were considered rare and valued at a much higher market price than those priced to the floor. “You may feel that this compensation is not enough. But I don’t think there is any other scalable and objective way to do this, said the Premint boss.

There are two notable exceptions to this refund policy: the two most expensive NFTs stolen on Sunday, a Boring monkey the hackers flipped for 89 ETH ($138,000), and a Azuki they sold for just over 10 ETH ($16,000). Mulligan announced today that Premint was able to purchase both NFTs from their new owners at purchase price, and has since returned them to their pre-hack owners. Mulligan stated that these were the most valuable NFTs taken by the hackers “by orders of magnitude.”

During the announcement, Mulligan stated his general reluctance to pay back victims of digital asset hacking. “I have this feeling, and a lot of other people have this feeling, that compensation in this world, when a hack happens, actually has a negative long-term effect,” Mulligan said. “Because it doesn’t teach people a lesson.”

Mulligan claimed that “the vast majority of people” he has consulted since the hack “have told me we shouldn’t have any compensation.” Despite this, because the hack occurred on Premint’s own website, Mulligan felt that the event constituted a one-time exception to his philosophy.

On Sunday, hackers compromised Premint’s website with malicious JavaScript code, creating a pop-up on the site asking users to verify ownership of the wallet, apparently as an added security measure. The hackers then infiltrated the wallets of duped customers, stole 321 NFTs and quickly sold most of them, worth over $400,000 at the time.

As a gesture of the company’s long-term commitment to user security, Mulligan also announced today that Premint has acquired wallet authentication tools Volcano. Mulligan said more details about that partnership will come next week.

Sunday’s hack was just the latest scam to target the NFT market, which last year alone generated $25 billion in sales. In February, a phishing scam on OpenSea stole over $1.7 million worth of NFTs. In April, Bored Ape Yacht Club’s Instagram account was hacked led to a $2.8 million NFT theft. Last month, actor Seth Green paid nearly $300,000 to recover a stolen Bored Ape NFT he planned to make the centerpiece of an upcoming television series.

A common thread connecting many such NFT thefts is the involvement of centralized websites and platforms like Premint, to which users provide a certain amount of private information in exchange for convenience and new features. While providing wallet information to a centralized platform may expose users to additional risks, it may also offer certain protections, such as the current chargeback scheme.

“It’s been a horrible experience for me personally and for the team,” Mulligan said of the week’s events. “Hopefully we’re ready to move forward with this.”

Want to become a crypto expert? Get the best of Decrypt straight to your inbox.

Get the biggest crypto news + weekly recaps and more!