Premint XYZ Malicious Contract

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Premint XYZ Homepage

The Memelist project announces on Twitter that the raffle will be stopped as a result of this.

This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38][39][40][41][42][43][44][45]

About Premint

"The web3 allowlist platform. PREMINT is widely used by the world's top NFT artists, communities, brands, and celebrities to build allowlists for top NFT projects."

"PREMINT lets you define exactly who is able to join your list. Allow everyone, or set eligibility requirements. It's all part of our effort to fill your list with real collectors, not bots."

"Signing is the only way we can truly know that you are the owner of the wallet you are connecting. Signing is a safe, gas-less transaction that does not in any way give PREMINT permission to perform any transactions with your wallet."

"Today we made a lot of great security updates to PREMINT as a continuing effort to keep collectors safe. It touched everything from the dashboard to project pages to emails."

"Premint xyz got hacked." "Please do not sign any transactions that say set approvals for all!"

"Please do not interact with any @PREMINT_NFT raffles right now." "For project owners, do not try to change the settings of any raffles. It will require you to sign a malicious transaction."

"Nice lost 68eth worth of NFTs. Shoutout Premint" "I emptied my account, and the loss was transferred to 200ETH. Do you have a compensation plan?" "I lost 3 NFT because I trust you, what will you do?" "[L]ost 2 goblins..." "Just retuning my tiny astro that was stolen." "I lost .22 eth guys…" "I lost 15eth."

"Bold of you to think everyone would see this, it's your website, just shut it down or something." "Site got hacked and people got scammed hundreds of eth: Premint: Post a 12 word tweet without shutting the site down."

"You guys should make some sort of semi proof check for projects, as ultimately this will affect your reputation too."

"[T]he login signature is harmless. [Y]ou can only be drained if you send a paid [transaction] that says "set approval for all which you should NEVER do[. P]eople get drained because they don't look before they click[. A] simple sign in will never cost gas[. I]t's just an identity signature[.]"

"Premint should be paying everyone that got scammed, people put trust in you." "Can [I] get a refund for this one[?]" "Please do something this time to compensate who get scammed. You didnt do anything last time."

"We have removed all the PREMINT raffle links on our Twitter feed just in case someone accidentally clicks it and approves a malicious transaction. No worries. Most raffles have ended. We will proceed as we planned. Keep calm, stay safe!"

"Considering the recent incident with @PREMINT_NFT, we decided to stop The Potatoz allowlist raffle for Memelist holders to keep everyone safe and at ease. The 300 winners will be drawn directly from the Memelist wallets we collected from partners, contests, and giveaways."

"“Memelist” role in @MEMELAND discord is NOT a requirement. But if you have the role, remember to fill in the dyno form we shared in the “memelist-lounge” or we won’t know your wallet."

"1. Only the raffle for Memelist holders will be changed.

2. All other raffles are not affected.

3. We will announce the winners for all raffles in 24 hours."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Premint XYZ Malicious Contract
Date Event Description
July 17th, 2022 2:05:00 AM MDT Hack Announced Announcement about the hack.
July 18th, 2022 11:41:00 AM MDT Potatoz Allowlist Stopped The Memelist project announces on Twitter that the raffle will be stopped as a result of this.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost has been estimated at $91,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

@TINACIOUS4REAL You guys stole my nft from my wallet. Pass I didn't get and I lost my wallet can you respond to me. @RektViceCity I'm waiting for the refund of 10 eth thank you @Jordan23NFT Nice lost 68eth worth of NFTs. Shoutout Premint @PepeFren_ I lost 15eth @web3bandit this wallet is currently being drained & accepting offers below market value + NFTs being transferred out. RIP the owner @mulligan @PREMINT_NFT are you guys will do anything ? So many ppl lost their money. Still no any explanation. @diogenefrsinope Should we revoke? @JoshuaL93264603 I lost 3 NFT because I trust you, what will you do ? @dyl106_eth Lost my bored ape @RonnieDcky Please do something this time to compensate who get scammed. You didnt do anything last time. @OnChainMonkey thanks God, realized when it asked one more permission, lost only one my Karma Monkey @catsmileaja Pls report this wallet scammer 0xe64ad42e9ed6135b504f4c29ffe9d3a187bc14e2 @0xrinrin Premint should be paying everyone that got scammed, people put trust in you @lovelive1069 I lost .22 eth guys… @Dineroo1234 Are you guys gonna do something about this? I lost money over 4ETH @NitinPa16450775 My friend already got scammed with this @MAYCMcDonalds Fuck i got drain wallet i dont know what to do @moarNFTspls I LOST EVERYTHING. PLEASE HELP @casey_hlp 0x0C9797805a22E507Bf48F35C72A67f001b7418d0 This wallet has had $200,000 worth of their NFTs sold for shit WETH Offers in the last 20 minutes. This is BAAAAD @yardieharlow Whyyyyyyyy Lost my NFTs because of this lookalike @knifetalk3 I emptied my account, and the loss was transferred to 200ETH. Do you have a compensation plan? @Nft4283Sama The website send to rick roll youtube. This is insane @ExPlaid Wth ...i lost 1.5eth @collins_fran513 I have lost all my funds in my mm @kremlinNFT Can i get a refund for this one @ianrocksx lost 2 goblins... @Chokbalass3000 I also got stripped of 4 nft...

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. @Memeland Twitter (Nov 21, 2022)
  2. @Memeland Twitter (Nov 21, 2022)
  3. @PREMINT_NFT Twitter (Nov 22, 2022)
  4. @0xrinrin Twitter (Nov 22, 2022)
  5. @yiyanccg Twitter (Nov 22, 2022)
  6. @Jordan23NFT Twitter (Nov 22, 2022)
  7. @TINACIOUS4REAL Twitter (Nov 22, 2022)
  8. @God_Xela_ Twitter (Nov 22, 2022)
  9. @lovelive1069 Twitter (Nov 22, 2022)
  10. @buttrmychicken Twitter (Nov 22, 2022)
  11. @JoshuaL93264603 Twitter (Nov 22, 2022)
  12. @ianrocksx Twitter (Nov 22, 2022)
  13. @dingdingETH Twitter (Nov 22, 2022)
  14. @PREMINT_NFT Twitter (Nov 22, 2022)
  15. @Memeland Twitter (Sep 15, 2023)
  16. @Memeland Twitter (Sep 15, 2023)
  17. What Is Memeland Nft By 9gag Not Just A Jpeg But Utility Enabled Pfps (Nov 22, 2022)
  18. Memeland NFT Review: Team, Utility, Roadmap And More (Nov 22, 2022)
  19. @Memeland Twitter (Nov 21, 2022)
  20. @9gagceo Twitter (Nov 22, 2022)
  21. @TINACIOUS4REAL Twitter (Sep 18, 2023)
  22. @TINACIOUS4REAL Twitter (Sep 18, 2023)
  23. @RektViceCity Twitter (Sep 18, 2023)
  24. @PepeFren_ Twitter (Sep 18, 2023)
  25. https://opensea.io/0x0C9797805a22E507Bf48F35C72A67f001b7418d0?tab=activity (Sep 18, 2023)
  26. @web3bandit Twitter (Sep 18, 2023)
  27. @ethnorthi Twitter (Sep 18, 2023)
  28. @diogenefrsinope Twitter (Sep 18, 2023)
  29. @dyl106_eth Twitter (Sep 18, 2023)
  30. @RonnieDcky Twitter (Sep 18, 2023)
  31. @RakaMakaFo_eth Twitter (Sep 18, 2023)
  32. @catsmileaja Twitter (Sep 18, 2023)
  33. @Dineroo1234 Twitter (Sep 18, 2023)
  34. @NitinPa16450775 Twitter (Sep 18, 2023)
  35. @MAYCMcDonalds Twitter (Sep 18, 2023)
  36. @moarNFTspls Twitter (Sep 18, 2023)
  37. @casey_hlp Twitter (Sep 18, 2023)
  38. @yardieharlow Twitter (Sep 18, 2023)
  39. @knifetalk3 Twitter (Sep 18, 2023)
  40. @Nft4283Sama Twitter (Sep 18, 2023)
  41. @ExPlaid Twitter (Sep 18, 2023)
  42. @collins_fran513 Twitter (Sep 18, 2023)
  43. @kremlinNFT Twitter (Sep 18, 2023)
  44. @Chokbalass3000 Twitter (Sep 18, 2023)
  45. PREMINT | The web3 allowlist platform (Sep 19, 2023)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Premint_XYZ_Malicious_Contract&oldid=5125"