NFT registration platform Premint, which over the weekend suffered a hack that saw over 300 NFTs stolen from users’ wallets, announced today that it intends to repay the hack’s victims.
In a live-streamed incident update this afternoon, Premint CEO Brenden Mulligan announced that the company, in collaboration with “a third-party, non-Premint employee” performed on-chain analysis this week to compile a list of all NFTs stolen during Sunday’s hack.
Over the course of this week, every associated crypto wallet on that list will receive a payment in Ethereum (ETH) equivalent to the collection floor price of every stolen NFT as of 10:00 a.m. PST this morning. Mulligan told Decrypt the total sum that Premint will repay to defrauded customers will amount to around 340 ETH, or just over $525,000.
“I realize that the NFTs stolen were not all floor NFTs,” Mulligan said this morning. “Floor” refers to the cheapest available NFT of a given collection. Some of the NFTs stolen were considered rare and valued at a much higher market price than those priced at the floor. “You might feel like this compensation isn’t enough. But I don’t think there’s any other scalable and objective way to do this,” said the Premint CEO.
There are two prominent exceptions to that repayment policy: the two most expensive NFTs stolen on Sunday, a Bored Ape the hackers flipped for 89 ETH ($138,000), and an Azuki they sold for just over 10 ETH ($16,000). Mulligan announced today that Premint was able to buy both NFTs off their new owners at purchase price, and has since returned them to their pre-hack owners. Mulligan stated these were the most valuable NFTs taken by the hackers “by orders of magnitude.”
During the announcement, Mulligan stated his general aversion to repaying the victims of digital asset hacks. “I have this feeling, and many others have this feeling, that compensation in this world, when a hack happens, actually has a negative long-term effect,” Mulligan said. “Because it doesn’t teach people a lesson.”
Mulligan claimed that “the vast majority of people” he’s consulted since the hack “have told me that we shouldn’t have any compensation.” Despite this, because the hack occurred within Premint’s own site, Mulligan felt the event constituted a one-time exception to his philosophy.
On Sunday, hackers compromised Premint’s site with malicious JavaScript code, and created a pop-up within the site directing users to verify their wallet ownership, ostensibly as an additional security measure. The hackers then infiltrated the wallets of duped customers, stole 321 NFTs, and quickly sold most of them, to the tune of over $400,000 at the time.
In a gesture of the company’s long-term commitment to user security, Mulligan also announced today that Premint has acquired wallet authentication tool Vulcan. Mulligan said more details on that partnership will come next week.
Sunday’s hack was only the latest scam to target the NFT market, which last year alone generated $25 billion in sales. In February, a phishing scam on OpenSea stole over $1.7 million worth of NFTs. In April, a hack of Bored Ape Yacht Club’s instagram account led to a $2.8 million NFT theft. Last month, actor Seth Green paid almost $300,000 to recover a stolen Bored Ape NFT he was planning to make the centerpiece of an upcoming television series.
A common thread linking many such NFT thefts is the involvement of centralized sites and platforms like Premint, to which users give some amount of private information in exchange for convenience and novel features. While giving wallet information over to a centralized platform can expose users to additional risks, it can also offer certain protections, like today’s repayment scheme.
“It’s been a horrible experience for me personally, and the team,” Mulligan said of the week’s events. “Hopefully with this we’re ready to move on.”
Want to be a crypto expert? Get the best of Decrypt straight to your inbox.
Get the biggest crypto news stories + weekly roundups and more!