Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The NFT access list tool PREMINT issued an alert through its official Twitter, because some users reminded that the tool's website was hacked, and the collections of NFT collectors have been stolen. Subsequently, the blockchain security company SlowMist confirmed that the PREMINT website was attacked by hackers. Hackers carried out phishing attacks by implanting malicious JS (JavaScript) files in the website, deceiving users to sign the transaction of "set approvals for all", thereby stealing users. of NFT assets. The attack lost about 280 ETH in total, amounting to $381,818, making it one of the biggest NFT hacks of the year. Attack method (per SlowMist): Malicious Code Injection Attack. Reported loss: 280 ETH.
- chain
- —
- protocol
- PREMINT
- bug_class
- phishing
- date_occurred
- 2022-07-17
- loss_usd
- —
- source_id
- sm:premint::2022-07-17