On July 17, attackers hacked NFT service provider PREMINT’s website. While some users have notified that attackers stole their NFTs, there is no knowledge of the extent of the damage. At the time of writing, PREMINT’s website was up and operating. Here is everything you need to know about the PREMINT hack.
Many took it to Twitter and issued warnings about PREMINT’s hack, warning users against making any transactions on the project’s website. PREMINT is an NFT service provider that permits top NFT artists to build access lists and raffles for community members.
Here is the tweet from the service provider,
By giving token approval, you are basically giving the hacker approval to move your NFTs, without you signing anything again. However, you can revoke this consent.
To inspect if your wallet was compromised in the PREMINT hack, go to Etherscan and check your wallet’s history. If you witness a Set Approval function anywhere, it means that you signed a ‘set approvals for all’ transaction. In your history, you will also be able to see any transactions that you did not execute yourself these are some clear signs that your wallet was compromised.
What you can do if your wallet was compromised
If your wallet was compromised, here’s what you can do according to PREMINT:
- Check out revoke.cash or etherscan.io/tokenapprovalchecker to revoke permission. Here, you can withdraw access to each NFT that was supported by clicking the ‘Revoke’ button. Once revoked, go to Etherscan. Under logs, if the data section says “False”, it means that you have withdrawn your approvals.
- Alternatively, you can move all your assets to a distant wallet for the time being.
Eventually, it’s always safer to use a crypto burner wallet to avoid problems like this. Essentially, a burner wallet is a momentary crypto wallet that you use purely for minting NFTs or making any dApp transactions. This wallet will only have the lowest amount you need to mint an NFT or pay for gas. This way, even if somebody hacks your burner wallet, your primary assets will remain safe.
Also read, How to avoid being a victim of NFT Fraud
Latest Updates from PREMINT
In a series of tweets, the NFT access tool has provided some updates concerning the Hack. The one that stands out is that there was a file manipulated by an unknown third party that directed to users being presented with a wallet connection that was malicious.
In addition, they also provided a link where users who were affected can add their wallets,
Here are some of the latest updates:
Following this tweet, there were a couple of tweets that mentioned to users that from today onwards they won’t require to sign in to their accounts using the wallet. Further, they also emphasized that they are continuing to dig into this incident, but as a reminder, PREMMINT cautioned their users will never, EVER be asked to approve ANY KIND OF transaction on the website. And also, when connecting a wallet, users will be requested to *sign* a message, but there will NEVER be a gas fee or anything corresponding to a transaction.
Hungry for more information?
NFT Calendar from NFTHi
Join us on Telegram!
NFTHI does not recommend any kind of Investment in NFTs or NFT trading. All the strategies are merely educational references.
Conduct thorough research before you start with NFTs