North Korean Hackers Steal NFT with Hundreds of Phishing Domains

NFT investors should beware. Hackers linked to North Korea’s Lazarus Group are conducting a massive phishing campaign, impersonating NFT marketplaces, NFT projects and even a DeFi platform

Image: pexels.com

Blockchain security firm SlowMist released the results of an investigation on North Korean Advanced Persistent Threat (APT) groups and the tactics they employ to target NFT users.

The study revealed that North Korean hackers from Lazarus Group have deployed nearly 500 of decoy websites disguised as NFT platforms and projects. Such fake websites use household brand names to mislead investors. For instance, the security firm discovered one pseudo resource pretending to be associated with the World Cup, as well as numerous sites impersonating large NFT marketplaces such as OpenSea, X2Y2 and Rarible.

Some of these deceptive websites employ the “malicious Mints” scheme. Victims think they are minting a legitimate NFT, and connect their wallet to the website. However, the NFT is fraudulent, so the hacker gets full access to the victim’s wallet.

Other phishing tactics include recording visitor data and saving it to external sites or linking images to target projects. Upon obtaining the visitor’s data, hackers run various attack scripts on the victim. As a result, malefactors get access to the victim’s access records, authorizations, sigData, and the use of plug-in wallets.

Interestingly, many of the discovered phishing websites operated under the same IP. Namely, one of the fraudsters’ IPs hosted 372 NFT phishing websites and another – 320. The earliest registered phishing domain of this kind appeared about seven months ago.

The ill gains of one phishing address alone were 1,055 NFTs and 300 ETH, worth $367,000.

We have previously reported that out of $620 million in crypto stolen by North Korean hacking groups this year, none affected South Korean users, thanks to the enhanced KYC policies.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

North Korean Hackers Steal NFT with Hundreds of Phishing Domains

SEE ALSO:

Nina Bobro

Breaking News

Canada Institutional Investors Increase Crypto Exposure to 39%

Switzerland Says About UBS’s Likely Need for Money

SK Hynix Plans Chip Production Expansion

Visa and Standard Chartered Collaborate on Cross-Border B2B Payments

Square Expands Offline Payments

Join Us

Newsletter

North Korean Hackers Steal NFT with Hundreds of Phishing Domains

SEE ALSO:

Nina Bobro

Related Posts

Breaking News

Join Us

Newsletter

Get Updates