22/07/2022 Premint to Return $500K in Ethereum to NFT Hack Victims

The NFT platform is also acquiring wallet security firm Vulcan to help prevent hacks from happening again, said Premint CEO Brenden Mulligan.


Bored Apes are among the most expensive NFTs around. Image: Shutterstock
Bored Apes are among the most expensive NFTs around. Image: Shutterstock

NFTregistration platform Premint, which over the weekend suffereda hack that saw over 300 NFTs stolen from users’ wallets, announced today that it intends to repay the hack’s victims.

In alive-streamed incident updatethis afternoon, Premint CEO Brenden Mulligan announced that the company, in collaboration with “a third-party, non-Premint employee” performed on-chain analysis this week to compile a list of all NFTs stolen during Sunday’s hack.

Over the course of this week, every associated cryptowalleton that list will receive a payment inEthereum(ETH) equivalent to the collection floor price of every stolen NFT as of 10:00 a.m. PST this morning. Mulligan toldDecryptthe total sum that Premint will repay to defrauded customers will amount to around 340 ETH, or just over $525,000.

“I realize that the NFTs stolen were not all floor NFTs,” Mulligan said this morning. "Floor" refers to the cheapest available NFT of a given collection. Some of the NFTs stolen were considered rare and valued at a much higher market price than those priced at the floor. “You might feel like this compensation isn’t enough. But I don’t think there’s any other scalable and objective way to do this,” said the Premint CEO.

There are two prominent exceptions to that repayment policy: the two most expensive NFTs stolen on Sunday, aBored Apethe hackers flipped for 89 ETH ($138,000), and anAzukithey sold for just over 10 ETH ($16,000). Mulligan announced today that Premint was able to buy both NFTs off their new owners at purchase price, and has since returned them to their pre-hack owners. Mulligan stated these were the most valuable NFTs taken by the hackers “by orders of magnitude.”

During the announcement, Mulligan stated his general aversion to repaying the victims of digital asset hacks. “I have this feeling, and many others have this feeling, that compensation in this world, when a hack happens, actually has a negative long-term effect,” Mulligan said. “Because it doesn’t teach people a lesson.”

300+ NFTs Stolen, $400K in Ethereum Taken In Premint Hack

On Sunday, hackers infiltrated popular NFT registration platform Premint and made away with 320 stolen NFTs and more than $400,000 in profit in one of the biggest such hacks this year. Accordi...

Mulligan claimed that “the vast majority of people'' he’s consulted since the hack “have told me that we shouldn’t have any compensation.” Despite this, because the hack occurred within Premint’s own site, Mulligan felt the event constituted a one-time exception to his philosophy.

On Sunday, hackers compromised Premint’s site with malicious JavaScript code, and created a pop-up within the site directing users to verify their wallet ownership, ostensibly as an additional security measure. The hackers then infiltrated the wallets of duped customers, stole 321 NFTs, and quickly sold most of them, to the tune of over $400,000 at the time.

In a gesture of the company’s long-term commitment to user security, Mulligan also announced today that Premint has acquired wallet authentication toolVulcan. Mulligan said more details on that partnership will come next week.

Sunday’s hack was only the latest scam to target the NFT market, which last year alone generated $25 billion in sales. In February, a phishing scam on OpenSeastole over $1.7 million worth of NFTs. In April, a hack of Bored Ape Yacht Club’s instagram accountled to a $2.8 million NFT theft. Last month, actor Seth Greenpaid almost $300,000 to recover a stolen Bored Ape NFThe was planning to make the centerpiece of an upcoming television series.

A common thread linking many such NFT thefts is the involvement of centralized sites and platforms like Premint, to which users give some amount of private information in exchange for convenience and novel features. While giving wallet information over to a centralized platform can expose users to additional risks, it can also offer certain protections, like today’s repayment scheme.

“It’s been a horrible experience for me personally, and the team,” Mulligan said of the week’s events. “Hopefully with this we’re ready to move on.”

Arts

https://decrypt.co/105585/premint-return-500k-ethereum-nft-hack-victims