Original Author: Jasmine
"Don't authorize any transaction that says 'set approvals for all'!" On the afternoon of July 17, Beijing time, the NFT access list tool PREMINT issued this warning through its official Twitter account. As a user had alerted, the tool's website had been hacked and some NFT collectors' collections had been stolen.
Subsequently, the blockchain security organization SlowMist confirmed that the PREMINT website had been hacked. The hackers carried out phishing attacks by implanting malicious JS (JavaScript) files on the website, tricking users into signing "set approvals for all" transactions and thereby stealing users' NFT assets.
Another security agency, CertiK, tracked down six major addresses related to the attack, and "approximately 275 ETH (approximately $375,000) worth of NFTs were stolen." The NFTs stolen from users included well-known collections such as Bored Ape Yacht Club, Otherside, Moonbirds, Oddities and Goblintown.
Both PREMINT and the security agencies reminded users of the website to check their wallet authorization settings; special tools such as the Ethereum browser or Revoke can be used to cancel wallet authorizations.
PREMINT prompts users to stop authorizing transactions
PREMINT can predict the release of various NFTs, but it could not predict that hackers would break into it. On July 17, after a user reported the loss of NFTs, PREMINT issued an alert through its official Twitter account: "Do not authorize any transactions that display as 'set approvals for all'!"
PREMINT, launched at the end of March this year, is a tool for accessing NFT lists. It collects a list of NFT pre-sales and giveaways in the market. Creators can use the tool to build access lists, and NFT collectors can use it to keep abreast of NFT items that are about to be minted (issued).
According to the official website of PREMINT, more than 12,000 projects have used it to manage their access lists, and more than 2.39 million wallets have been linked to the tool.
In an online crypto wallet, confirming "set approvals for all" means that the user has approved transactions covering all of their tokens, not just a single one. When this authorization is obtained through a phishing attack, the hackers are able to transfer the user's crypto assets.
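A check that can be run on such a request before it is signed, as an added example that is not from the original article, PREMINT or any wallet: it decodes the transaction's calldata and reports whether it is an ERC-721/ERC-1155 `setApprovalForAll(address,bool)` call that grants or revokes an operator. The helper names, the warning policy and the sample operator address are assumptions made for illustration.

```javascript
// Added example: inspect the "data" field of a transaction request before signing.
// 0xa22cb465 = first 4 bytes of keccak256("setApprovalForAll(address,bool)").
const SET_APPROVAL_FOR_ALL = "a22cb465";

// Hypothetical helper: classifies calldata given as a hex string.
function inspectCalldata(data) {
  if (typeof data !== "string") throw new TypeError("calldata must be a hex string");
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (!/^(?:[0-9a-f]{2})*$/.test(hex)) throw new Error("calldata is not valid hex");
  if (hex.slice(0, 8) !== SET_APPROVAL_FOR_ALL) return { kind: "other" };

  // ABI layout: selector, then two 32-byte words (operator address, approved flag).
  // Trailing bytes are tolerated here because contracts ignore them.
  if (hex.length < 8 + 64 + 64) return { kind: "malformed" };
  const operatorWord = hex.slice(8, 72);
  const approvedWord = hex.slice(72, 136);
  // Address = 12 zero bytes of padding + 20 bytes; bool = exactly 0 or 1.
  if (!/^0{24}[0-9a-f]{40}$/.test(operatorWord)) return { kind: "malformed" };
  if (!/^0{63}[01]$/.test(approvedWord)) return { kind: "malformed" };

  const operator = "0x" + operatorWord.slice(24);
  // approved = true lets the operator move every token the signer holds in the
  // contract the transaction is sent to; approved = false withdraws that right.
  return { kind: approvedWord.endsWith("1") ? "grant-all" : "revoke-all", operator };
}

// Hypothetical policy: warn on a grant, and on anything that looks like one
// but does not decode cleanly. A revocation is what the user wants to sign.
function needsWarning(data) {
  const kind = inspectCalldata(data).kind;
  return kind === "grant-all" || kind === "malformed";
}

// Constructed sample inputs (the operator address is made up).
const pad = (h) => h.padStart(64, "0");
const SAMPLE_OPERATOR = "11".repeat(20);
const GRANT = "0x" + SET_APPROVAL_FOR_ALL + pad(SAMPLE_OPERATOR) + pad("1");
const REVOKE = "0x" + SET_APPROVAL_FOR_ALL + pad(SAMPLE_OPERATOR) + pad("0");
// approve(address,uint256) selector, to show a call that is not a blanket approval.
const OTHER = "0x095ea7b3" + pad(SAMPLE_OPERATOR) + pad("1");

for (const [name, data] of Object.entries({ GRANT, REVOKE, OTHER })) {
  console.log(name, inspectCalldata(data), "warn:", needsWarning(data));
}
```

The operator it reports is the address that would gain control, which is the value to compare against the marketplace or contract the user actually meant to approve.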
[Image: PREMINT starts counting stolen user information]
After the attack, PREMINT reminded users to cancel their authorizations with the Revoke tool and to transfer all valuable NFTs to other wallets. NFT users can also use the "Token Approval" tool of the official Ethereum browser to revoke wallet authorizations.
So far, six Ethereum addresses have been flagged as "phishing hacker" addresses in connection with the attack. Early this morning, PREMINT posted a link to a registration form on its official Twitter account to collect and count information from users whose assets were stolen, including the affected wallet address, the OpenSea link of the wallet the NFTs were stolen from, and the user's Twitter name.
Hackers made more than $370,000 from phishing attacks
After PREMINT was attacked, the security agency SlowMist issued a security alert. The agency disclosed that at 16:00 on July 17 (UTC+8), premint.xyz was attacked by hackers. The hackers implanted malicious JS (JavaScript) files to carry out phishing attacks, tricking users into signing "Set Approval For All" transactions and thereby stealing users' NFTs and other assets.
CertiK disclosed that a total of 6 addresses were directly related to the attack, which began at 07:25 UTC, when two malicious wallet addresses (0x0C979… and 0x28733…) appeared and started transferring stolen NFTs. The malicious code was probably injected into PREMINT's official website at that time. The NFTs held in these two wallets include Bored Ape Yacht Club (BAYC), Otherside, Oddities, Goblintown and others. The remaining 4 wallets took part in transferring the stolen NFTs.
[Image: Hacker address transfers stolen Goblintown NFT]
"These two wallets stole a total of 314 NFTs, including BAYC, Otherside, Goblintown, etc.," according to CertiK's statistics. The attack caused total losses of about 275 ETH, amounting to $374,417.66, making it one of the largest NFT hacks this year.
Although NFTs are a product of Web3, CertiK stated in its incident analysis that Web2 has always been the main form of the Internet, and users rely on the ease of use of Web2 websites when investing in NFTs and crypto assets. "Vulnerabilities lead to single points of failure."
CertiK gave an example: in June of this year, a phishing attack hit BAYC when the Discord account of community manager Boris Vagner was compromised. The attacker posted a fake link to a fake BAYC website on the Discord channel, targeting BAYC and Otherside holders. This phishing method allowed the attacker to profit about $319,000 from the stolen NFTs.