NFT Hackers Attack: Influencer Zeneca and Platform PREMINT are the Latest Targets
Non-fungible token (NFT) influencer Zeneca and NFT registration platform PREMINT are the latest targets of hacking attempts against the NFT community.
Zeneca’s social media accounts were compromised on late Tuesday and linked to a fake airdrop for the influencer’s “Zen Academy Founders Pass,” tricking users into connecting their wallets.
“Hey everyone wanted to do something special for the community so here I go!” Zeneca’s compromised Twitter account had posted. “I would like to announce the official release of the Zen Academy Founders Pass airdrop. There will be 333 of these passes to start off. The lucky few that manage to get one.”
Soon after the tweet was sent, Twitter’s head of consumer product marketing Justin Tayler confirmed that the account had been hacked and locked it down.
.@Zeneca_33 has been hacked, but is now locked down.— Justin Taylor (@TheSmarmyBum) July 19, 2022
Will be getting him access back soon
Zeneca, who has since gotten access to his account back, claims he has no idea of how the hack took place. In a Twitter thread, he said he had two-factor authentication (2FA) enabled using Google Authenticator, and even speculated that this could be an inside job.
Web3 security analyst Serpent also asked Tayler to do an internal investigation, saying that “way too many high profile accounts (with authenticator 2FA) have been getting hacked recently.”
The hack came shortly after the Bored Ape Yacht Club creator Yuga Labs warned the NFT community in a Monday tweet about “a persistent threat group that targets the NFT community.”
“We believe that they may soon be launching a coordinated attack targeting multiple communities via compromised social media accounts. Please be vigilant and stay safe,” the official Twitter account of Yuga Labs said.
Meanwhile, in a separate incident, NFT registration platform PREMINT suffered a hack on July 17, leading to total losses of around USD 430,000 for users who clicked on a malicious link.
PREMINT confirmed the hack in a Twitter thread, detailing that the “issue only affected users who connected a wallet via this dialog after midnight Pacific time.”
According to a security analysis report from Certik, the hacker compromised PREMINT’s website by uploading a malicious JS file to the site. Unsuspecting users who clicked on the link were asked to sign a transaction that would give the hacker access to steal their NFTs.
Certik has discovered six Ethereum (ETH) addresses directly associated with the attack, with approximately ETH 275 (USD 430,330) stolen in NFTs.
On July 18, the platform announced that users no longer need their wallets when logging back into PREMINT. Instead, Twitter or Discord accounts can be used.
We're continuing to dig into this incident, but a reminder:— PREMINT (@premint) July 18, 2022
❌ You will never, EVER be asked to approve ANY KIND OF transaction on PREMINT.
✍️ When connecting a wallet, you'll be asked to *sign* a message, but there will NEVER be a gas fee or anything resembling a transaction.
Later in the afternoon on Wednesday (UTC time), PREMINT said they will be going live to share “big news about our security incident and next steps.”
– EU Lawmakers Want Anti-Money Laundering Rules To Cover NFTs
– UK Court Allows Civil Case Claimant to File NFT Legal Documents
– Hackers Stole USD 670M from DeFi Projects in Q2, Up by 50% from Q2 2021
– Bitfinex Hack Suspect Heather Morgan Cleared to Seek Job and Get Paid Over USD 10K a Month
– CryptoPunk Sales Top Monthly Charts as Other Blue-Chip NFT Collections Slump
– NFTs Winning Damien Hirst’s Art Experiment So Far as Over 2,000 Tokens Burned