Cyber Incident Victim: Premint NFT
Date: Jul 2022
Location: United States of America
Summary
Attackers compromised a popular NFT platform's website by injecting malicious JavaScript code that tricked users into granting wallet access approvals, enabling theft of approximately 314 NFTs valued around $375,000. The exploit leveraged six externally owned accounts, with partial recovery achieved through revocation tools for two compromised wallets. This incident highlighted vulnerabilities stemming from centralized infrastructure dependencies in web3 projects, as attackers exploited web2 weaknesses to drain assets—part of an escalating trend targeting official project channels and single points of failure.
Description
On July 17, 2022, threat actors compromised the official website of Premint NFT, a popular NFT platform, resulting in the theft of approximately 314 NFTs valued at $375,000 (275 ETH). Blockchain security firm CertiK identified this as one of the largest recorded NFT hacks. Attackers implanted malicious JavaScript code into premint.xyz, which prompted users to authorize ‘set approvals for all’ permissions when connecting their cryptocurrency wallets. This deceptive tactic granted attackers unrestricted access to victims’ digital assets. The attack commenced at 07:25 UTC, with the first stolen NFTs transferred to attacker-controlled wallets. Six externally owned accounts (EOAs) were directly linked to the theft, though two were intercepted early, enabling partial recovery of funds through the ‘revoke.cash’ tool. The malicious script’s distribution ceased after the associated Domain Name Server became inactive, though on-chain records confirmed the attack’s scale.

CertiK’s forensic analysis revealed the attack exploited centralized vulnerabilities in Premint’s web2 infrastructure, a recurring issue affecting web3 projects. The incident highlighted risks inherent in single points of failure, such as unauthorized access to privileged accounts. Approximately 275 ETH was permanently diverted to the four uncompromised EOAs, while victims who acted swiftly reclaimed assets from the two neutralized wallets. Users were advised to scrutinize wallet transaction requests, particularly those seeking blanket approvals. The hack exemplified a broader trend of attackers targeting web2 dependencies—including social media and domain systems—to compromise web3 platforms. CertiK noted a documented rise in such exploits during Q2 2022, underscoring the need for decentralized safeguards in critical operational areas.
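
The advice to scrutinize blanket approvals can be applied to the raw transaction data a site asks a wallet to sign. The following is an added example, not code from Premint, CertiK or the original report: it decodes calldata and flags a `setApprovalForAll(address,bool)` call (the standard ERC-721/ERC-1155 function, selector `0xa22cb465`) that grants an operator access to every token in a collection. The function names, the trusted-operator list and the sample addresses are constructed for illustration.

```javascript
// Added example: classify EVM calldata before a wallet user signs it.
// 0xa22cb465 is the selector of setApprovalForAll(address,bool).
const SET_APPROVAL_FOR_ALL = "a22cb465";

function inspectCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { kind: "invalid", risk: "unknown" };
  }
  if (hex.slice(0, 8) !== SET_APPROVAL_FOR_ALL) {
    return { kind: "other", risk: "not-assessed" };
  }
  const args = hex.slice(8);
  // Exactly two 32-byte ABI words: operator (address) and approved (bool).
  // An address sits in the low 20 bytes, so the high 12 bytes must be zero.
  if (args.length !== 128 || !args.startsWith("0".repeat(24))) {
    return { kind: "setApprovalForAll", risk: "malformed" };
  }
  const operator = "0x" + args.slice(24, 64);
  const approved = BigInt("0x" + args.slice(64)) !== 0n;
  // approved=true hands the operator every token of the collection;
  // approved=false is the call that revokes such an approval.
  const risk = approved ? "blanket-approval" : "revocation";
  return { kind: "setApprovalForAll", operator, approved, risk };
}

// Warn when a request grants blanket approval to an operator the user has
// not explicitly trusted (trustedOperators is a hypothetical user allowlist).
function shouldWarn(tx, trustedOperators = []) {
  const info = inspectCalldata(tx.data);
  if (info.risk === "malformed" || info.kind === "invalid") return true;
  if (info.risk !== "blanket-approval") return false;
  return !trustedOperators.map((a) => a.toLowerCase()).includes(info.operator);
}

// Constructed sample values, not addresses from the incident.
const SAMPLE_OPERATOR = "0x" + "11".repeat(20);
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const GRANT = "0xa22cb465" + word(SAMPLE_OPERATOR) + word("1");
const REVOKE = "0xa22cb465" + word(SAMPLE_OPERATOR) + word("0");

console.log(inspectCalldata(GRANT), shouldWarn({ data: GRANT }));
```
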
