- Hackers made more than $400,000 in profit by selling stolen NFTs.
- Hackers used malicious JavaScript code to infiltrate the Premint website.
In one of the largest thefts of the year, hackers broke into Premint, a popular NFT registration platform, on Sunday and made off with 320 stolen NFTs and made more than $400,000 in profit.
On Sunday, hackers used malicious JavaScript code to infiltrate the Premint website, according to a study by blockchain security company CertiK. Further authentication was provided by adding an in-site pop-up that asked users to confirm their wallet ownership.
Conned Users Within Matter of Minutes
As soon as the pop-up appeared, some users knew it was a hoax and rushed to Twitter and Discord to spread the word about it. Despite this, the hackers had already conned several Premint clients within a matter of minutes.
Items from well-known collections such as Bored Ape Yacht Club and Otherside were among the pilfered NFTs. A stolen Bored Ape sold for 89 ETH, or about $132,000, on markets like OpenSea after the hackers secured the NFTs.
The hackers sold all 320 stolen NFTs for 275 ETH, or slightly over $400,000, over the course of Sunday. In order to remove any trace of the transaction from the blockchain, the hackers transferred the cash to Tornado Cash, a service that pools together crypto deposits from a large number of users and mixes them. Cybercriminals routinely utilize Tornado Cash and other mixing services to purify their stolen crypto.
Later, Premint went to twitter to disclose the theft and reassure users that the vast majority of accounts had been untouched by the intrusion. According to a tweet from the firm, just a tiny percentage of its customers were fooled by the scam.
Recommended For You: