Depricated as of Oct 2022

Some CRYPKYP functionalities are depricated as of October 2022 and will no longer be populated until further development and future version.
Although all here is visible and interactable you can not Contribute to those articles.
Try looking at other information on the Platform and Contributing there!

Have a great day,

300+ NFTs Stolen, $400K in Ethereum Taken In Premint Hack

Source: Decrypt
1658225120 19 Jul / 10:05

In one of the most significant attacks of its kind this year, hackers breached the popular NFT registration portal Premint on Sunday and made off with 320 stolen NFTs and more than $400,000 in profit.

According to an investigation by blockchain security company CertiK, malicious JavaScript code infiltrated the Premint website on Sunday. Then, they built a pop-up on the website that requested visitors to authenticate their wallet ownership, ostensibly as an additional security precaution.

Multiple users instantly recognized that the pop-up was fraudulent and turned to Twitter and Discord to warn others not to follow its directions. Despite this, the hackers had already fooled some Premint clients within minutes.

Popular NFTs from the Bored Ape Yacht Club, Otherside, Moonbirds Oddities, and Goblintown collections were stolen. After acquiring these NFTs, the hackers immediately began reselling them on marketplaces like OpenSea; a stolen Bored Ape sold for 89 ETH or almost $132,000 at the time of writing.

On Sunday, the sales of all 320 stolen NFTs generated 275 ETH, or a little over $400,000, for the hackers.

The perpetrators then transferred the cash to Tornado Cash, a service that combines the bitcoin deposits of many users and mixes them, essentially erasing the digital footprint generally left by blockchain transactions. Cybercriminals routinely employ mixing services like Tornado Cash to “clean” stolen bitcoin.

Yesterday, Premint acknowledged the attack on Twitter and reassured users that the vast majority of accounts were not compromised. “Thanks to the wonderful web3 community for disseminating warnings, relatively few people fell for this,” the business tweeted.

Some Premint users observed that the compromised site remained accessible for almost 10 hours following its first intrusion early Sunday morning. Others grieved the loss of their digital assets and inquired whether Premint would reimburse the value of the stolen NFTs to their accounts.

Since then, Premint has been collecting data on all NFTs stolen in the breach. The firm declined to comment on the record to Decrypt.

In a somewhat ironic fashion, the business had intended to reveal a new security feature in the days leading up to the hack: the option to log in to Premint through Twitter or Discord. This would allow users to access the site without directly inputting wallet data. Any Premint user who utilized this login technique would have been safe from yesterday’s breach.

However, the functionality had not yet been released. Following Sunday’s events, Premint’s management decided to provide the new functionality a few days sooner than initially planned:

The attack is not the first fraud to target the NFT business, which produced $25 billion in sales in 2017 alone. In February, nearly $1.7 million worth of NFTs were stolen in a phishing scam on OpenSea. In April, a $2.8 million NFT was stolen after the Instagram account of Bored Ape Yacht Club was compromised. Last month, actor Seth Green spent nearly $300,000 to retrieve a stolen Bored Ape NFT that he intended to include in a forthcoming television series.

Despite the enormous wealth pouring through the NFT market, the security of these assets, particularly when tied to centralized corporations such as Premint, is a persistent concern.

According to one Premint user, “security is the most neglected aspect of the crypto field.”

Last News and Media
CRYPKYP contain links to third-party websites, resources, and advertisers. CRYPKYP does not control, sponsor, recommend or otherwise accept responsibility for any third-party content because we are not responsible for the availability of these outside resources or their contents or privacy practices. It will help if you direct any concerns regarding any third-party content to such a third party. We don't accept responsibility for the content of external websites linked to through the Site or the Services. Third-party content is accessed at the user's own risk. CRYPKYP distributes content from third-party publishers as indicated on the site from time to time mainly in Airdrops, News / Media, Whale Alerts, and Rumors. In these circumstances, CRYPKYP only provides limited stylistic input to the content. CRYPKYP does not verify and takes no responsibility for the accuracy of the content provided by any such third-party publishers.