Yuga Labs warns of ‘persistent threat group’ targeting NFT holders
Bored Ape Yacht Club (BAYC) creator Yuga Labs has warned that there could soon be a “coordinated attack” targeting several non-fungible token (NFT) communities.
The NFT company told its Twitter followers on Tuesday that its security team has tracked a “persistent threat group” targeting the NFT community through compromised social media accounts, and urged followers to be on the lookout.
Our security team has tracked a persistent threat group targeting the NFT community. We believe that they may soon launch a coordinated attack targeting multiple communities via compromised social media accounts. Be alert and be safe.
— Yuga Labs (@yugalabs) 18 July 2022
This is not the first time the company has warned the community about a possible social media attack by hackers.
Not the first, not the last
In June, Gordon Goner, pseudonymous co-founder of Yuga Labs, issued a warning about a possible incoming attack on the Twitter social media accounts.
Soon after the warning, Twitter officials began monitoring activity on the accounts and beefed up their existing security. Goner told investors that the company would never implement surprise coins, a popular method attackers use to lure victims.
In the month, two official Discord groups related to BAYC and OtherSide NFTs were also compromised, allowing scammers to share various phishing links to the official BAYC, Mutant Ape Yacht Club, and OtherSide groups on discord.
Cointelegraph asked Yuga Labs for more details about the “persistent threat group” and the potential attack, but did not immediately receive a response.
Premint NFT website is hacked
Yuga Lab’s new warning comes just days after threat actors hacked popular NFT platform Premint NFT, stealing approximately 314 NFTs and $375,000 in Ether (ETH), making it one of the biggest NFT hacks of 2022.
Premint is an NFT whitelisting service that helps NFT artists quickly access a large number of verified NFT collectors and whitelist them for new NFT projects. The NFT service platform offers more than 12,000 NFT projects and a database of more than 2.4 million collectors.
According to blockchain security firm Certik, the thefts occurred on Sunday after hackers inserted malicious code into Premint’s website.
The code created a pop-up asking users to confirm ownership of the wallet, but instead gave hackers the necessary permissions to transfer NFTs from the victim’s wallets.
Related: NFT, DeFi and Crypto Hacks Abound — How to Double Your Wallet Security
Six wallets have been identified as victims of the attack, containing NFTs including Bored Ape Yacht Club, Otherside, Oddities and Goblintown.
Premint said it would continue to “dig into the incident” and reminded users that they would never be asked to sign any kind of transaction on the platform.
We continue to dig into this incident, but a reminder:
❌ You will never, EVER, be asked to approve ANY KIND of transactions on PREMINT.
✍️ When you connect a wallet, you will be asked to *sign* a message, but there will NEVER be a gas charge or anything resembling a transaction.
— PREMINT | NFT Access List Tool (@PREMINT_NFT) 18 July 2022
The platform has also changed in light of the attack, allowing users to log in without their wallet – something they claim will be safer and more convenient.
