Yuga Labs warns of a coordinated attack on NFT communities
Source: gualtiero boffi – shutterstock
- A breach of Yuga Labs’ BAYC and OtherSide discord groups occurred last month.
- The warning follows the attack on the Premint NFT website, with hackers stealing over 300 NFTs and $ 375,000 ETH.
The creator of the Bored Ape Yacht Club (BAYC), Yuga Labs, has warned of a “persistent threat group” targeting non-fungible token (NFT) holders and communities. The NFT company urged its followers to be more careful. It also said that the security team has been monitoring this group for some time. The way this group operates is to break an NFT community by compromising their social media accounts.
Our security team has tracked down a persistent threat group targeting the NFT community. We believe that they can soon launch a coordinated attack targeting multiple communities via compromised social media accounts. Be vigilant and be safe.
– Yuga Labs (@yugalabs) July 18, 2022
An earlier warning
This is not the first time Yuga Labs has issued a warning about a possible coordinated attack on NFT communities. Last month, Gordon Goner, one of the founders of Yuga Labs, but with an anonymous identity, shared a similar warning about the plan to attack Yuga’s social media accounts.
Following the warning, Yuga officials began tracking their social media accounts (especially Twitter) and improving their security. Goner further warned investors to avoid surprise coins. Most attackers usually use the surprise coin method to lure their potential victims.
The Yuga Labs co-founder made it clear that the NFT company would never carry our surprise coins. Last month, hackers broke into two official disagreements over BAYC and OtherSide NFTs. Thus, they successfully shared phishing links to NFT coins related to BAYC, mutant ape yacht club and OtherSide on these channels.
However, Yuga Labs has not yet given a more detailed explanation or an official statement on what it knows about the threat group mentioned on the Twitter channel. The Yuga Labs team has also not answered the media’s questions about the case.
Hackers break into the Premint NFT website
Yuga Labs warning follows an attack on the Premint NFT platform. The hack, which happened two days ago, caused the NFT platform to lose around 314 NFTs and ETH worth $ 375,000. Compared to other NFT hacks this year, this hack is one of the largest.
Premint offers an NFT safe listing service for NFT artists. It connects them to a large selection of NFT collectors and secures them for new NFT projects. Premint boasts over 12,000 NFT projects and almost 2.43 million collectors.
Analysis by the blockchain security company Certik showed that the attackers were able to break Premint’s website after inserting a malicious code on their website. The web code led to a pop-up asking users to confirm that they own the wallet. However, hackers used this tool to obtain the important information they needed to move NFTs from various Premint user wallets.
So far, six wallets are known to have been compromised. These wallets contain NFTs like Goblintown, BAYC, oddities and OtherSide. Premint’s statement after the incident was that the investigation is still ongoing. It also warned that users should never sign off on any transaction, as the platform would never ask them to do so.
We continue to dig into this incident, but a reminder:
❌ You will NEVER, NEVER, be asked to approve ANY KIND of transactions on PREMINT.
✍️ When you connect to a wallet, you will be asked to * sign * a message, but it will NEVER be a gas fee or anything resembling a transaction.
– PREMINT | NFT Access List Tool (@PREMINT_NFT) July 18, 2022
The NFT platform also made a change in the way users log in to the site. Users no longer need the wallet to log in. The platform said that this login method is safer and more convenient.
