DataBreach.com reported an update from Sunday that “Hackers behind one of the year’s largest non-fungible token hacks stole at least 314 blockchain entries worth about $375,000 from users of Premint NFT platform. That amount climbed to more than $421,000 as of Tuesday morning….” The July 18, 2022 article entitled “Hackers Steal $421K From Premint NFT Platform (UPDATE)” included these comments:
Users who fell for the prompt also agreed to a “SetApprovalForAll” setting in their wallet, letting hackers drain their wallets. Premint says a “relatively small number of users” fell for the prompt and that it is putting additional security in place.
SetApprovalForAll is designed to allow decentralized finance platform users to automatically approve the transfer of specific tokens designated by an underlying smart contract at a future time. The function is a boon for threat actors who exploit it to transfer all of another users’ tokens to their own wallets
Unfortunately I think we will see more NFT thefts!