A hacker has compromised the official website of Premint, an NFT whitelisting platform.
The hacker stole $375,000 worth of NFTs from Premint.
Security firm CertiK state that a black hat hacker injected a malicious piece of JavaScript code on premint.xyz.
The code instructed users to sign a malicious transaction through a wallet pop-up. A total of six users signed the code, giving the hacker full control to spend funds.
Before the exploit could be discovered, the hacker was able to steal 314 different NFTs.
These included NFTs from collections like Bored Ape Yacht Club, Otherside, Moonbirds Oddities, and Goblintown.
The stolen assets were sold for 270 ETH ($375,000) around 07:30 a.m. ET on Sunday. The hacker transferred the proceeds to this address and routed them through Tornado Cash, a popular transaction mixer on the Ethereum network.
