North Korean hackers stealing NFTs utilizing almost 500 phishing domains

Hackers linked to North Korea’s Lazarus Group are reportedly behind an enormous phishing marketing campaign focusing on nonfungible token (NFT) buyers — using almost 500 phishing domains to dupe victims.

Blockchain safety agency SlowMist launched a report on Dec. 24, revealing the ways that North Korean Superior Persistent Menace (APT) teams have used to half NFT buyers from their NFTs, together with decoy web sites disguised as quite a lot of NFT-related platforms and initiatives.

Examples of those pretend web sites embody a website pretending to be a challenge related to the World Cup, in addition to websites that impersonate well-known NFT marketplaces reminiscent of OpenSea, X2Y2 and Rarible.

SlowMist mentioned one of many ways used was having these decoy web sites provide “malicious Mints,” which entails deceiving the victims into considering they’re minting a authentic NFT by connecting their pockets to the web site.

Nonetheless, the NFT is definitely fraudulent, and the sufferer’s pockets is left weak to the hacker who now has entry to it.

The report additionally revealed that lots of the phishing web sites operated below the identical Web Protocol (IP), with 372 NFT phishing web sites below a single IP and one other 320 NFT phishing web sites related to one other IP.

An instance phishing web site Supply: SlowMist

SlowMist mentioned the phishing marketing campaign has been ongoing for a number of months, noting that the earliest registered area identify took place seven months in the past.

Different phishing ways used included recording customer information and saving it to exterior websites in addition to linking photographs to focus on initiatives.

After the hacker was about to acquire the customer’s information, they might then proceed to run numerous assault scripts on the sufferer, which might permit the hacker entry to the sufferer’s entry information, authorizations and use of plug-in wallets, in addition to delicate information such because the victims’ approve report and sigData.

All this data then permits the hacker entry to the sufferer’s pockets, exposing all their digital property.

Nonetheless, SlowMist emphasised that that is simply the “tip of the iceberg,” because the evaluation solely checked out a small portion of the supplies and extracted “some” of the phishing traits of the North Korean hackers.

For instance, SlowMist highlighted that only one phishing deal with alone was capable of achieve 1,055 NFTs and revenue 300 Ether (ETH), price $367,000, by way of its phishing ways.

It added that the identical North Korean APT group was additionally accountable for the Naver phishing marketing campaign that was beforehand documented by Prevailion on March 15.

Associated: Blockchain safety agency warns of latest MetaMask phishing marketing campaign

North Korea has been on the middle of varied cryptocurrency theft crimes in 2022.

In keeping with a information report printed by South Korea’s Nationwide Intelligence Service (NIS) on Dec 22, North Korea stole $620 million price of cryptocurrencies this 12 months alone.

In October, Japan’s Nationwide Police Company despatched out a warning to the nation’s crypto-asset companies advising them to be cautious of the North Korean hacking group.