NFTs are being stolen by North Korean hackers

by Dec 26, 2022CryptoNews0 comments

The hackers constructed fake websites that looked like NFT projects, NFT markets, and even a DeFi platform.

Nearly 500 phishing sites are being used by hackers connected to North Korea’s Lazarus Group in a large phishing effort that targets investors in nonfungible tokens (NFT).

On December 24, the blockchain security company SlowMist published a study outlining the methods used by North Korean APT organizations to separate NFT investors from their NFTs, including bogus websites impersonating various NFT-related platforms and initiatives.

These fraudulent websites include one that presents itself as a World Cup initiative and others that mimic popular NFT markets like OpenSea, X2Y2, and Rarible.

One of the strategies, according to SlowMist, is to have these fake websites provide “malicious Mints,” which trick the users into believing they are minting real NFTs by linking their wallets to the website.

The NFT is essentially a scam, and as a result, the victim’s wallet is open to attack by the hacker who now has access to it.

The analysis also showed that a large number of phishing websites shared the same Internet Protocol (IP), with 372 NFT phishing websites sharing a single IP and another 320 NFT phishing websites using a different IP.

According to SlowMist, the phishing campaign has been going on for a while; the earliest registered domain name was made roughly seven months ago.

Other phishing techniques utilized included storing visitor data on external websites and recording it, as well as attaching photos to the projects that were being targeted.

The hacker would then utilize other attack scripts on the victim after obtaining the visitor’s data, giving them access to the victim’s access records, authorizations, and usage of plug-in wallets, as well as sensitive data like the victim’s, approve records and sigData.

See also  Malware by Google Ads drains an NFT influencer's whole crypto wallet

The hacker may then access the victim’s wallet using all this information, revealing all of their digital assets.

SlowMist stressed that this is simply the “tip of the iceberg,” since the research only considered a tiny percentage of the materials and only “some” of the North Korean hackers’ phishing traits.

For instance, SlowMist said that one phishing address alone was able to benefit 300 Ether and 1,055 NFTs, totaling $367,000, using its phishing techniques.

It also stated that the Naver phishing effort, which was originally reported by Prevailing on March 15, was carried out by the same North Korean APT outfit.

In 2022, North Korea was the target of many thefts of cryptocurrencies.

The National Intelligence Service (NIS) of South Korea said on December 22 that North Korea had stolen cryptocurrency worth $620 million just this year.

The National Police Agency of Japan issued a warning to the nation’s crypto-asset enterprises in October, cautioning them to be wary of the North Korean hacking outfit.

Recent News

Recent Posts

Disclaimer: The information provided on this website is for informational purposes only. We strive to ensure the accuracy and reliability of the content, but we make no representations or warranties of any kind, express or implied, regarding the completeness, accuracy, reliability, suitability, or availability of the information. The use of this website is solely at your own risk.
We do not endorse or promote any specific cryptocurrencies, projects, exchanges, or investments mentioned on this website. The inclusion of any external links does not imply endorsement or recommendation.
Please note that the cryptocurrency market is highly volatile and involves substantial risks. You should carefully consider your own financial situation and risk tolerance before engaging in any cryptocurrency-related activities.

Related Post


Submit a Comment

Your email address will not be published. Required fields are marked *