According to reports, hackers linked to North Korea’s Lazarus Group are behind a huge phishing campaign that targeted NFT investors. They used nearly 500 phishing domains to fool victims.
SlowMist, a blockchain security firm, released a report on Dec. 24 that revealed the methods North Korean Advanced Persistent Risk (APT) groups use to seize NFT investors. This included decoy websites disguised under a variety of NFT-related projects and platforms.
These fake websites include sites that pretend to be associated with the World Cup and sites that impersonate well-known NFT marketplaces like OpenSea, X2Y2, or Rarible.
One method was to have these decoy websites offer “malicious Mints.” This involves tricking victims into believing they are creating a legitimate NFT by linking their wallets to the website. The NFT is fraudulent, and the victim’s money is now at risk.
It was also discovered that many of these phishing sites are operating under the same Internet Protocol. There were 372 NFT websites operating under one IP and 320 other NFT websites associated with another IP.
The phishing campaign has been ongoing for several months. It also noted that the oldest domain name registered was seven months ago.
Another phishing tactic was to record visitor data, save it to external sites, and link images to target projects. Once the hacker had obtained the visitor’s data, they would run several attack scripts against the victim.
This would give the hacker access to the victim’s authorizations, access records, and use of plug-in wallets, as well as sensitive information such as the victim’s approved record, sigData, and authorized record.
This information allows the hacker to access the victim’s wallet and expose all their digital assets. This was only the tip of the iceberg, as the analysis only examined a small number of materials and “some” of North Korean hackers’ phishing characteristics.
A single phishing address could gain 1,055 NFTs and 300 ETH through its phishing techniques. This is worth $367,000. The report also stated that the Naver Phishing Campaign was carried out by the same North Korean APT group previously documented on Mar. 15.
In 2022, various cryptocurrency theft crimes were committed in North Korea. According to South Korea’s National Intelligence Service (NIS), North Korea stole $620 Million worth of cryptocurrency this year.
Japan’s National Police Agency warned crypto-asset companies in October, advising them to be careful of the North Korean hacking group.