Jul 2022 - Premint XYZ Malicious Contract - $91k (Global)
"The web3 allowlist platform. PREMINT is widely used by the world's top NFT artists, communities, brands, and celebrities to build allowlists for top NFT projects."
"PREMINT lets you define exactly who is able to join your list. Allow everyone, or set eligibility requirements. It's all part of our effort to fill your list with real collectors, not bots."
"Signing is the only way we can truly know that you are the owner of the wallet you are connecting. Signing is a safe, gas-less transaction that does not in any way give PREMINT permission to perform any transactions with your wallet."
"Today we made a lot of great security updates to PREMINT as a continuing effort to keep collectors safe. It touched everything from the dashboard to project pages to emails."
"Premint xyz got hacked." "Please do not sign any transactions that say set approvals for all!"
"Please do not interact with any @PREMINT_NFT raffles right now." "For project owners, do not try to change the settings of any raffles. It will require you to sign a malicious transaction."
"Nice lost 68eth worth of NFTs. Shoutout Premint" "I emptied my account, and the loss was transferred to 200ETH. Do you have a compensation plan?" "I lost 3 NFT because I trust you, what will you do?" "[L]ost 2 goblins..." "Just retuning my tiny astro that was stolen." "I lost .22 eth guys…" "I lost 15eth."
"Bold of you to think everyone would see this, it's your website, just shut it down or something." "Site got hacked and people got scammed hundreds of eth: Premint: Post a 12 word tweet without shutting the site down."
"You guys should make some sort of semi proof check for projects, as ultimately this will affect your reputation too."
"[T]he login signature is harmless. [Y]ou can only be drained if you send a paid [transaction] that says "set approval for all which you should NEVER do[. P]eople get drained because they don't look before they click[. A] simple sign in will never cost gas[. I]t's just an identity signature[.]"
"Premint should be paying everyone that got scammed, people put trust in you." "Can [I] get a refund for this one[?]" "Please do something this time to compensate who get scammed. You didnt do anything last time."
"We have removed all the PREMINT raffle links on our Twitter feed just in case someone accidentally clicks it and approves a malicious transaction. No worries. Most raffles have ended. We will proceed as we planned. Keep calm, stay safe!"
"Considering the recent incident with @PREMINT_NFT, we decided to stop The Potatoz allowlist raffle for Memelist holders to keep everyone safe and at ease. The 300 winners will be drawn directly from the Memelist wallets we collected from partners, contests, and giveaways."
"“Memelist” role in @MEMELAND discord is NOT a requirement. But if you have the role, remember to fill in the dyno form we shared in the “memelist-lounge” or we won’t know your wallet."
"1. Only the raffle for Memelist holders will be changed.
2. All other raffles are not affected.
3. We will announce the winners for all raffles in 24 hours."
Further Analysis
The Memelist project announces on Twitter that the raffle will be stopped as a result of this.
How Could This Have Been Prevented?
More Cryptocurrency Exchange Hacks/Scams/Frauds
Memeland MVP NFT #76 Stolen > > < < Impermax Finance Private Key Compromise Token Theft
Sources/Further Reading
@Memeland Twitter (Dec 31)
@Memeland Twitter (Dec 31)
@PREMINT_NFT Twitter (Dec 31)
@0xrinrin Twitter (Dec 31)
@yiyanccg Twitter (Dec 31)
@Jordan23NFT Twitter (Dec 31)
@TINACIOUS4REAL Twitter (Dec 31)
@God_Xela_ Twitter (Dec 31)
@lovelive1069 Twitter (Dec 31)
@buttrmychicken Twitter (Dec 31)
@JoshuaL93264603 Twitter (Dec 31)
@ianrocksx Twitter (Dec 31)
@dingdingETH Twitter (Dec 31)
@PREMINT_NFT Twitter (Dec 31)
@Memeland Twitter (Dec 31)
@Memeland Twitter (Dec 31)
What Is Memeland Nft By 9gag Not Just A Jpeg But Utility Enabled Pfps (Dec 31)
Memeland NFT Review: Team, Utility, Roadmap And More (Dec 31)
@Memeland Twitter (Dec 31)
9gagceo - "People are asking questions about @MEMELAND. Let me answer some of them." - Twitter (Dec 31)
@TINACIOUS4REAL Twitter (Dec 31)
@TINACIOUS4REAL Twitter (Dec 31)
@RektViceCity Twitter (Dec 31)
@PepeFren_ Twitter (Dec 31)
https://opensea.io/0x0C9797805a22E507Bf48F35C72A67f001b7418d0?tab=activity (Dec 31)
@web3bandit Twitter (Dec 31)
@ethnorthi Twitter (Dec 31)
@diogenefrsinope Twitter (Dec 31)
@dyl106_eth Twitter (Dec 31)
@RonnieDcky Twitter (Dec 31)
@RakaMakaFo_eth Twitter (Dec 31)
@catsmileaja Twitter (Dec 31)
@Dineroo1234 Twitter (Dec 31)
@NitinPa16450775 Twitter (Dec 31)
@MAYCMcDonalds Twitter (Dec 31)
@moarNFTspls Twitter (Dec 31)
@casey_hlp Twitter (Dec 31)
@yardieharlow Twitter (Dec 31)
@knifetalk3 Twitter (Dec 31)
@Nft4283Sama Twitter (Dec 31)
@ExPlaid Twitter (Dec 31)
@collins_fran513 Twitter (Dec 31)
@kremlinNFT Twitter (Dec 31)
@Chokbalass3000 Twitter (Dec 31)
PREMINT | The web3 allowlist platform (Dec 31)
 t.me/QuadrigaInitiative
|
 /r/QuadrigaInitiative
|
 @QuadrigaInit
|
 info@quadrigainitiative.com
|