The most recent targets of attacks on the non-fungible token (NFT) community include NFT influencer Zeneca and NFT registration service PREMINT.
Late on Tuesday, a phony airdrop for the influencer’s “Zen Academy Founders Pass,” tied to Zeneca’s social media pages, duped users into linking their wallets.
“Everyone wants to be doing something special for the neighborhood, so I’m doing it now,” the hijacked Twitter account for Zeneca had published. “I want to let you know that the airdrop for the Zen Academy Founders Pass is now officially available. There will initially be 333 of these passes. The fortunate few who can obtain one.”
Twitter Reacts Quickly
Shortly after the post was sent, Twitter’s head of consumer product marketing, Justin Taylor, confirmed that the account was hacked and shut it down.
.@Zeneca_33 has been hacked, but is now locked down.
Will be getting him access back soon
— Justin Taylor (@TheSmarmyBum) July 19, 2022
Zeneca, who has subsequently regained access to his account, asserts that he is unaware of the details of the attack. In a Twitter conversation, he claimed to have two-factor authentication (2FA) enabled using Google Authenticator and even suggested that this might be an inside job.
Web3 security analyst Serpent, who claimed that “far too many high profile identities (with authenticator 2FA) had been hacked recently,” also asked Taylor to conduct an internal inquiry.
What other ones? Deekay didn’t have 2fa
— Justin Taylor (@TheSmarmyBum) July 19, 2022
The attack happened shortly after Yuga Labs, the company that created the Bored Ape Yacht Club, tweeted on Monday to warn the NFT community about “a persistent threat organization that targets the NFT community.”
“We predict they will soon use compromised social media accounts to undertake a coordinated attack against several communities. Please exercise caution and remain safe,” Yuga Labs’ official Twitter account stated.
In a related incident, the NFT registration platform PREMINT was breached on July 17, causing users who clicked on a malicious link to lose a total of about USD 430,000.
In a discussion on Twitter, PREMINT acknowledged the attack and stated that “the vulnerability only affected customers who connected a wallet using this dialog after midnight Pacific time.”
According to a security analysis report by CertiK, the hacker uploaded a malicious JS file to the PREMINT website. Unaware users were prompted to sign a transaction after clicking the link, giving the hacker access to their NFTs.
CertiK has found six Ethereum (ETH) addresses directly connected to the assault, and about ETH 275 (or $430,330) was taken in NFTs.
The site announced on July 18 that users no longer require their wallets when logging back into PREMINT. Instead, they can use their Twitter or Discord accounts.
We're continuing to dig into this incident, but a reminder:
❌ You will never, EVER be asked to approve ANY KIND OF transaction on PREMINT.
✍️ When connecting a wallet, you'll be asked to *sign* a message, but there will NEVER be a gas fee or anything resembling a transaction.
— PREMINT (@premint) July 18, 2022
PREMINT announced they will go live on Wednesday (UTC) to provide “important news about our security incident and next moves.”