Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting non-fungible token (NFT) investors — utilizing nearly 500 phishing domains to dupe victims.
Blockchain security firm SlowMist released a report on Dec. 24, revealing the tactics that North Korean Advanced Persistent Threat (APT) groups have used to part NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects.
Examples of these fake websites include a site pretending to be a project associated with the World Cup, as well as sites that impersonate well-known NFT marketplaces such as OpenSea, X2Y2 and Rarible.
SlowMist said one of the tactics used was having these decoy websites offer “malicious Mints,” which involves deceiving the victims into thinking they are minting a legitimate NFT by connecting their wallet to the website.
However, the NFT is actually fraudulent, and the victim’s wallet is left vulnerable to the hacker who now has access to it.
The report also revealed that many of the phishing websites operated under the same Internet Protocol (IP), with 372 NFT phishing websites under a single IP, and another 320 NFT phishing websites associated with another IP.
SlowMist said the phishing campaign has been ongoing for several months, noting that the earliest registered domain name came about seven months ago.
Other phishing tactics used included recording visitor data and saving it to external sites as well as linking images to target projects.
After the hacker was about to obtain the visitor’s data, they would then proceed to run various attack scripts on the victim, which would allow the hacker access to the victim’s access records, authorizations, use of plug-in wallets, as well as sensitive data such as the victim’s approve record and sigData.
All this information then enables the hacker access to the victim’s wallet, exposing all their digital assets.
However, SlowMist emphasized that this is just the “tip of the iceberg,” as the analysis only looked at a small portion of the materials and extracted “some” of the phishing characteristics of the North Korean hackers.
SlowMist Security Alert
North Korean APT group targeting NFT users with large-scale phishing campaign
This is just the tip of the iceberg. Our thread only covers a fraction of what we’ve discovered.
Let’s dive in pic.twitter.com/DeHq1TTrrN
— SlowMist (@SlowMist_Team) December 24, 2022
For example, SlowMist highlighted that just one phishing address alone was able to gain 1,055 NFTs and profit 300 ETH, worth $367,000, through its phishing tactics.
It added that the same North Korean APT group was also responsible for the Naver phishing campaign that was previously documented by Prevailion on Mar. 15.
Related: Blockchain security firm warns of new MetaMask phishing campaign
North Korea has been at the center of various cryptocurrency theft crimes in 2022.
According to a news report published by South Korea’s National Intelligence Service (NIS) on Dec 22, North Korea stole $620 million worth of cryptocurrencies this year alone.
In October, Japan’s National Police Agency sent out a warning to the country’s crypto-asset businesses advising them to be cautious of the North Korean hacking group.
Credit: Source link
Bitcoin 
Ethereum 
Tether 
XRP 
BNB 
USDC 
Lido Staked Ether 
TRON 
Dogecoin 
Cardano 
Figure Heloc 
WhiteBIT Coin 
Wrapped stETH 
Bitcoin Cash 
Wrapped Bitcoin 
Wrapped Beacon ETH 
USDS 
Chainlink 
Wrapped eETH 
Binance Bridged USDT (BNB Smart Chain) 
LEO Token 
WETH 
Stellar 
Zcash 
Monero 
Hyperliquid 
Coinbase Wrapped BTC 
Ethena USDe 
Litecoin 
Sui 
Avalanche 
Hedera 
Shiba Inu 
sUSDS 
USDT0 
Dai 
Mantle 
Toncoin 
World Liberty Financial 
PayPal USD 
Cronos 
Ethena Staked USDe 
Uniswap 
Polkadot 
Aave 
MemeCore 
Bittensor 
USD1 
Canton 
Rain