Hackers with ties to North Korea’s Lazarus Group are said to be behind a huge phishing campaign that targets investors in non-fungible tokens (NFTs). The campaign uses almost 500 phishing domains to trick people into giving their information.
Slow Mist, a blockchain security company, released a report on December 24 about how North Korean Advanced Persistent Threat (APT) groups try to keep NFT investors from getting their NFTs. The report includes NFT-related platforms and websites that look like they are for other projects.
One of these fake websites pretends to be a World Cup-related project, and others try to look like well-known NFT marketplaces like OpenSea, X2Y2, and Rarible.
SlowMist said that one thing these fake websites do is offer “malicious mints,” which make people think they are making a real NFT when they connect their wallet to the website.
But the NFT is a fake, and the hacker now has access to the victim’s wallet, leaving it open to more theft.
The report also found that many phishing websites used the same Internet Protocol (IP), with 372 NFT phishing websites using the same IP and 320 NFT phishing websites linking to a different IP.
According to SlowMist, the phishing campaign has been ongoing for some months, with the first domain name being registered approximately seven months ago.
In addition to gathering and storing visitor information on external sites, phishers also link photos to targeted projects.
When the hacker was about to steal the visitor’s data, they would execute multiple attack scripts on the victim, granting them access to the victim’s access logs, authorizations, plug-in wallet usage, and sensitive data. Such as confessional records and sigdata of the victim.
All of this information then permits the hacker to gain access to the victim’s wallet, exposing all of their digital valuables.
Slow Mist highlighted, that this is simply the “tip of the iceberg,” as the research examined only a small percentage of the documents and retrieved some of the phishing characteristics of the North Korean hackers.
For instance, SlowMist noted that a single phishing address was able to leverage 1,055 NFTs and 300 ETH, valued at $367,000, by utilizing its phishing method.
It stated that the same North Korean APT outfit was also responsible for the Naver phishing effort, which was initially reported on March 15 by Prevailion.
In 2022, North Korea was at the focus of numerous cryptocurrency theft activities.
According to a study issued on December 22 by the National Intelligence Service (NIS) of South Korea, North Korea stole $620 million worth of cryptocurrencies in 2018.
The National Police Agency of Japan issued a warning to the nation’s crypto-asset enterprises in October, advising them to be wary of a North Korean hacking group.
