Recently, Hackers attacked Premint, a renowned NFT registration platform, and managed to compromise multiple wallets by posting a phishing pop-up on the official website to access wallet ownership.
According to CertiK, the hackers managed to steal 300+ NFTs and sold them to collect 275 ETH or $400,000 in funds.
Individuals who visited Premint’s official website didn’t suspect that a pop-up trap was waiting for them.
The security firm, CertiK, detailed that the hackers used malicious JavaScript code to breach the security measures of the website.
The wallet owners clicked on the pop-up believing it was legit and typed down their wallet details. As soon as they did this, they lost access to their wallets.
The affected users immediately came on Twitter to warn other users about the suspicious activity on the website.
The hackers drained out all NFTs from the compromised wallets and posted them on the secondary market. A total of 320 NFTs were sold within minutes and hackers earned 275 ETH or $400,000 in funds.
The funds were transferred into the hackers’ unknown wallets through Tornado Cash.
Later, the Premint team came on Twitter to acknowledge the hack and told the users they are investigating the case. According to users, the website was left unguarded for 10 hours after the hack happened. Premint refused to give a comment to NFTStudio24 about the case.
As of now, no compensation promise has been made by the platform