Influencer Zeneca and Platform PREMINT are the latest targets

Source: AdobeStock / Ar_TH

Non-fungible token (NFT) influencer Zeneca and NFT registration platform PREMINUTE are the latest targets of hacking attempts against the NFT community.

Zeneca’s social media accounts were compromised late Tuesday and linked to a fake airdrop for the influencer’s “Zen Academy Founders Pass,” tricking users into connecting to the wallet.

“Hey everyone wanted to do something special for the community, so here it is!” Zeneca’s compromised Twitter account had posted. “I would like to announce the official release of the Zen Academy Founders Pass airdrop. There will be 333 of these passes to begin with. The lucky few who manage to get one.”

Shortly after the tweet was sent, Twitter’s head of consumer product marketing Justin Tayler confirmed that the account had been hacked and locked it down.

Zeneca, who has since regained access to his account, claims he has no idea how the hack took place. In a Twitter thread, he said he had two-factor authentication (2FA) enabled using Google Authenticator, and even speculated that this could be an inside job.

Web3 security analyst Serpent also asked Tayler to do an internal investigation, saying that “far too many high-profile accounts (using 2FA authentication) have been hacked recently.”

The hack came shortly after Bored Ape Yacht Club the creator Yuga Labs warned the NFT community in a Monday tweet about “a persistent threat group targeting the NFT community.”

“We believe that they may soon launch a coordinated attack targeting multiple communities via compromised social media accounts. Be alert and stay safe,” the official Twitter account of Yuga Labs so.

Meanwhile, in a separate incident, NFT registration platform PREMINT was hacked on July 17, leading to total losses of around USD 430,000 to users who clicked on a malicious link.

PREMINT confirmed the hack in a Twitter thread, detailing that “the issue only affected users who connected to a wallet via this dialog after midnight Pacific time.”

According to a security analysis report from Certificate, the hacker compromised PREMINT’s website by uploading a malicious JS file to the website. Unsuspecting users who clicked on the link were asked to sign a transaction that would give the hacker access to steal their NFTs.

Certik has discovered six Ethereum (ETH) addresses directly linked to the attack, with approximately ETH 275 (USD 430,330) stolen in NFTs.

July 18, the platform announced that users no longer need the wallet when they log back into PREMINT. Instead, Twitter or Discord accounts can be used.

Later in the afternoon on Wednesday (UTC time), PREMINT so they will broadcast live to share “big news about our security incident and next steps.”

____

Learn more:
– EU legislators want rules against money laundering to cover NFTs
– UK court allows civil claimant to submit NFT legal documents

– Hackers stole USD 670 million from DeFi Projects in Q2, up 50% from Q2 2021
– Bitfinex Hack Suspect Heather Morgan cleared to apply for job and get paid over USD 10K a month

– CryptoPunk Sales Top Monthly Charts As Other Blue-Chip NFT Collections Fall
– NFTs have won Damien Hirst’s art experiment so far with over 2000 tokens burned

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *