DataBreach.com reported an update from Sunday that “Hackers behind one of the biggest non-fungible token hacks of the year stole at least 314 blockchain entries worth about $375,000 from users of the Premint NFT platform. This amount climbed to more than $421,000 as of Tuesday morning. …” The July 18, 2022 article titled “Hackers Steal $421K From Premint NFT Platform (UPDATE)” included these comments:
The incident, which affected wallets containing NFTs including Bored Ape Yacht Club and Oddities, began with an injection of malicious JavaScript, crypto-security firm CertiK told the Information Security Media Group. Affected users saw a popup asking them to confirm ownership of the wallet, Premint tweeted on Sunday afternoon. The website allows users to join a database of potential buyers of new NFT projects.
Users who fell for the request also accepted a “SetApprovalForAll” setting in the wallet, allowing hackers to empty the wallet. Premint says that a “relatively small number of users” fell for the request and that it is putting extra security in place.
SetApprovalForAll is designed to allow decentralized financial platform users to automatically approve the transfer of specific tokens designated by an underlying smart contract at a future time. The feature is a boon for threat actors who exploit it to transfer all other users’ tokens to their own wallets.
Unfortunately, I think we are going to see more NFT thefts!
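
A wallet-side check for the SetApprovalForAll request described above, as an added example that is not part of the original article or Premint's code: it decodes a pending transaction's calldata and flags a blanket operator approval before the user signs. The function names, the trusted-operator policy and the sample addresses are assumptions constructed for illustration.

```javascript
// Added example (not from the article): spot ERC-721/ERC-1155 blanket approvals.
// 4-byte selector = first 4 bytes of keccak256("setApprovalForAll(address,bool)")
const SELECTOR = "a22cb465";

// Decode calldata; returns null when the call is not setApprovalForAll.
function decodeSetApprovalForAll(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!hex.startsWith(SELECTOR)) return null;
  const args = hex.slice(8);
  // Exactly two 32-byte ABI words are expected: operator address, then bool.
  if (!/^[0-9a-f]{128}$/.test(args)) return { malformed: true };
  const operatorWord = args.slice(0, 64);
  const boolWord = args.slice(64);
  // Address is right-aligned (upper 12 bytes zero); bool must be 0 or 1.
  if (!/^0{24}/.test(operatorWord) || !/^0{63}[01]$/.test(boolWord)) {
    return { malformed: true };
  }
  return {
    malformed: false,
    operator: "0x" + operatorWord.slice(24),
    approved: boolWord.endsWith("1"),
  };
}

// Hypothetical policy: block approvals to operators the user has not vetted.
function reviewTransaction(tx, trustedOperators = []) {
  const call = decodeSetApprovalForAll(tx.data);
  if (call === null) return { verdict: "not-approval" };
  if (call.malformed) return { verdict: "block", reason: "malformed calldata" };
  if (!call.approved) return { verdict: "allow", reason: "revokes operator" };
  const known = trustedOperators.map((a) => a.toLowerCase()).includes(call.operator);
  return {
    verdict: known ? "warn" : "block",
    reason: `grants ${call.operator} control of every token the signer holds in ${tx.to}`,
  };
}

// Constructed sample data (addresses are placeholders, not real contracts).
const pad = (h) => h.replace(/^0x/, "").padStart(64, "0");
const sample = (operator, approved) =>
  "0x" + SELECTOR + pad(operator) + pad(approved ? "1" : "0");
const COLLECTION = "0x" + "aa".repeat(20);
const UNKNOWN_OPERATOR = "0x" + "11".repeat(20);
const MARKETPLACE = "0x" + "22".repeat(20);

for (const data of [sample(UNKNOWN_OPERATOR, true), sample(MARKETPLACE, true),
                    sample(UNKNOWN_OPERATOR, false), "0x"]) {
  console.log(reviewTransaction({ to: COLLECTION, data }, [MARKETPLACE]));
}
```
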