In the latest report on NFT scams, North Korean hackers have been found to be behind a major phishing scam targeting NFT holders.
SlowMist, a blockchain security company, reports that the hackers used as many as 500 phishing domains to lure victims. The majority of these websites were replicas of well-known NFT platforms like OpenSea and X2Y2.
- North Korea’s Lazarus Group is suspected of running a massive phishing campaign targeting non-fungible token (NFT) investors.
- On December 24, blockchain security company SlowMist released a report on how North Korean Advanced Persistent Threat (APT) groups try to prevent NFT investors from receiving their NFTs.
What exactly is the North Korea NFT phishing scam?
SlowMist claimed in a report published on December 24 that hackers linked to North Korea’s Lazarus Group were behind a massive NFT phishing scam. Typically, North Korean Advanced Persistent Threat (APT) groups used bogus websites to sell “malicious mints” to investors.
To explain, the websites entice victims by claiming to be minting legitimate NFTs. When victims connect their wallets to the website, the hackers gain access to the wallets and can drain them as they wish.
How do hackers steal NFTs?
SlowMist discovered several unique NFT phishing traits used by North Korean groups. For example, phishing websites would record visitor data and save it to external sites. Then, they would run various “attack scripts” to access sensitive information such as victims’ access records, wallet addresses, authorizations, approve records, and big data. Using this information, North Korean hackers can drain victims’ wallets.
In addition, most of the sites used the same Internet Protocol (IP) address. Moreover, they used multiple tokens, such as WETH, USDC, and DAI, in their phishing attacks. One phishing address, in particular, was responsible for a large number of transactions.
SlowMist stressed that this is just the “tip of the iceberg,” as the study only examined a small percentage of the documents and retrieved some of the North Korean hackers’ phishing characteristics.
“The hacker was able to receive a total of 1,055 NFTs and made off with a profit of approximately 300 ETH through their sales,” the report added.
It claimed that the same North Korean APT group was also behind the Naver phishing campaign. The study was first reported by Prevailion on March 15.
North Korea was the focus of numerous cryptocurrency theft activities in 2022.
According to a study released on December 22 by South Korea’s National Intelligence Service (NIS), North Korea stole $620 million in cryptocurrency in 2018.
In October, the National Police Agency of Japan issued a warning to the country’s crypto-asset enterprises, advising them to be wary of a North Korean hacking group.