Cyber Criminals attacked “Premint” a popular platform for NFTs
You know that NFTs are one of the greatest investments as a business anyone can try on. So, what would happen if the project gets into the hands of a cybercriminal? It would be a great loss for unique marketers who genuinely want to show their talents and with the help of it try to make money.
NFTs are Non-fungible Tokens as the project you make turns into a unique code that could never be replaced with anything else. Moreover, not everyone will be able to access the same token by their side. The reason for that is a person who made a token for selling, after selling that project it takes an amount to purchase that limited edition thing.
Once sold, the person who purchased that token got the accessibility to access that token for themselves. Several people in the world are collectors. Some of them like to collect ship models, some to mail stamps, and some people like to collect marvelous pictures.
Then what happened to “PREMINT”? Also, what is this “PREMINT” that made many people fall into vain?
PREMINT NFTs PLATFORM
This is one of the popular platforms that are providing NFT holders to add their lists in one place and make money from the collection they’re going to add to it. Several people who’d like their collection would contact these creators to buy their collection.
After selling they’ll get a set amount of royalty on the product they produced. That’s because it’s working on blockchain procedures. The users, who would be able to buy the collection will be able to have that token only under their name, and this person does have the right to that collection.
What happened to PREMINT?
The official website of PREMINT NFTs was hacked. Stealing 314 NFTs wasn’t a joke for the cybercriminals.
According to experts from blockchain security firm “Certik”:
This is one of the biggest NFT hacks on record. The site got a malicious JavaScript code planted by Cyber Attackers. It was reported that the criminal designed the script to instruct users to “set approvals for all”. While the online wallet got connected to the site, attackers got the way out to get their crypto assets.
Statement by CertiK…
However, due to the Domain Name Server being removed, the malicious file does not exist anymore. The serious results of the attack are shown on-chain. Around 275 ETH was stolen where the activities of the externally owned account numbered six were clearly shown associated with the attack. These 275 ETH was worth $375k.
The attack was taken in action at 07:25 AM UTC. At that moment, the criminals first transferred the first stolen NFTs to their wallets. This attack involved a total number of 6 EOAs. Ultimately, 2 of them were caught on the spot, and victims got their funds refunded by provoking “revoke.cash”.
An alert was given to the users to avoid clicking on the signing transaction that says “approvals of all”.
CertiK continues….
Attacks coming with Web3 Projects relied on Web2 Infrastructure are as follows:
- Such as these exploits
- Centralization issues
- Single points of failure
These kinds of attacks are getting in more popular. CertiK’s Q2 reports do mention all of the attacks that have been taken in action to target more official accounts on several social media platforms to conduct exploits.
Strict Advice From CertiK
Certik says to avoid these kinds of events that include Web3 Projects. It has been observed that Web3 makes projects of decentralized nature around the points that create centralization risk and single points of failure.
According to experts, users should ask for multiple signatures when granting access to accounts with privileged controls. Moreover, the finishing of the work of those to whom the access was provided should be revoked at once, after the use.
Words from CertiK CEO and Co-founder Ronghui Gu.
The attack is in its growing stage with rapid growth. In that, hackers leverage vulnerabilities in Web2 to Exploit Web3 Projects. From the very beginning, this is clear that the Web3 Ecosystem needs to consider the interconnects with Web2 techs, individually at points where relying on them turns into a sick problem.
As you can see this was just the beginning of how things are turning their back on human beings. It’s simply clear that technology not only helps to make the life of human beings easier but also it can be harmful if we don’t get prepared for the upcoming troubles.
This whole incident was related to Web Application Security. To learn about how you can protect yourself from such events on several online sites, you can join Web Application Security Course & Training offered by Bytecode India.
Bytecode India is one of the best training institutes that will provide you with the best learning experience with well-qualified trainers. Learn better to grow more with Bytecode India. Moreover, several students that are living outside Delhi can still learn via Online Sessions which is one of the best facilities Bytecode India provides.
What are you waiting for? Join Bytecode India Institute now!
Kindly read more articles:
App Permissions’ list got removed from the new ‘Data Safety’ section by Google
New Malware Confused Android Device Users in Using Google Play Store