@Corvette_NFT Hacking is insanely easy, I learned at 13 & was pentesting for years afterwards over a decade ago. In the US, We don't see many rogue hackers cuz the penalties are severe.
But outside US, especially in Russia/Asia/ME, Penalties barely exist, nor does extradition in many cases
New exploit in the wild that affected premint, NFT projects need to enforce strict off site dependency rules or move to hosted libs only. The exploit targets the dependencies that nearly all websites use for tracking, animation, etc. The hacker gains access to 3rd party lib..
1/ The @PREMlNT_NFT seems to stem from a bad actor's dependency injection via a similarly named domain.
IF YOU DID NOT SIGN A "SET APPROVAL FOR ALL" TRANSACTION ON PREMINT, YOU ARE SAFE.
Here's what happened.
@iampamungkaski@ncwvanq Well I didn't get to test the exploit, but since it would be a native injection, your wallet would likely already be connected and authorized for the domain name. So, it would just be a contract call to a new contract using the preexisting connection.
@ncwvanq@shanicucic96@DigiNomadd@PREMINT_NFT Yes, because they are basically injecting a popup onto a native website. The content of that popup, prompts the user to secure there wallet with some new feature offered by target site. In reality, it's authorizing full access to your wallet to an entirely different contract
@shanicucic96@DigiNomadd@PREMINT_NFT@shanicucic96 for instance, godjira uses a few frameworks such as GSAP, Flickity, etc. All a hacker needs to do is compromise one of them and add a small bit of code and your done next time you update your site. First I've seen this type of hack in the crypto space
@shanicucic96@DigiNomadd@PREMINT_NFT Wasn't the team, it was a clever dependency hack. When u make a website, you have to link to a bunch of open-source frameworks to support animations & such. Someone hacked the dependency with purpose built code to target premint. This could easily happen to godjira as well.
@moarNFTspls @PREMINT_NFT Also if it's not immediately clear, there is no way to get your funds back unless the hacker decides to refund as a matter of principle. Ignore all the people saying otherwise they are more scammers.
@moarNFTspls @PREMINT_NFT If you are in the US, call 988 for suicide prevention help, or feel free to DM me if you want to chat. I don't know you and this just popped up in my feed but I'd be open to chatting anyway
@shanicucic96 Not a good idea a lot of these type of DMs are to get into your followers news feeds and eventually they launch rug projects, sell out and then delete the accounts.
@BrianSumner420 Sorry to hear, we recently had a scare and it was easily the scariest moment of my life. Luckily our little girl was OK and born healthy 2 months ago. You have my prayers and hope you guys are OK!
Once the floor settles, https://t.co/ECfO3fAhWb is a solid BUY. Hard to tell where that will be until the WL mints, but at least for the time being 1.5 ETH seems to be a natural resistance. Smart play is to hit all token ID's with really low bids.
@PGodjira@shanicucic96