North Korean hackers linked to the Lazarus Group are allegedly behind a large phishing campaign targeting NFT investors.
On December 24, the blockchain security company SlowMist published a study outlining the methods used by North Korean APT organizations to separate NFT investors from their NFTs, including bogus websites impersonating various NFT-related platforms and initiatives.
These fraudulent websites include one that presents itself as a World Cup initiative and others that mimic popular NFT marketplaces like OpenSea, X2Y2, and Rarible.
One of the strategies, according to SlowMist, is to have these fake websites offer “malicious Mints,” which trick users into linking their wallets to the website in the belief that they are minting real NFTs.
The NFT is in fact fraudulent, and the victim’s wallet is left open to attack by the hacker, who now has access to it.
The analysis also showed that a large number of phishing websites shared the same Internet Protocol (IP) address, with 372 NFT phishing websites sharing a single IP address and another 320 NFT phishing websites using a different one.
The phishing campaign, according to SlowMist, has been going on for a while; the earliest domain name was registered roughly seven months ago.
Other phishing techniques included attaching photographs to target projects, and gathering visitor information and saving it to external websites.
After obtaining the visitor’s data, the hacker would then run different attack scripts against the victim, giving the hacker access to the victim’s access records, authorizations, use of plug-in wallets, and sensitive data such as the victim’s approve record and sigData.
The hacker can then access the victim’s wallet using all this information, exposing all of their digital assets.
SlowMist stressed that this is simply the “tip of the iceberg,” as the research only considered a small percentage of the materials and only “some” of the North Korean hackers’ phishing traits.
For instance, SlowMist pointed out that one phishing address alone was able to gain 300 ETH ($367,000) and 1,055 NFTs ($367,000) using its phishing techniques.
It also stated that the Naver phishing effort, which was originally reported by Prevailion on March 15, was carried out by the same North Korean APT outfit.
In 2022, North Korea was linked to numerous cryptocurrency thefts.
The National Intelligence Service (NIS) of South Korea reported on December 22 that North Korea had stolen cryptocurrencies worth $620 million just this year.
The National Police Agency of Japan issued a warning to the nation’s crypto-asset enterprises in October, cautioning them to be wary of the North Korean hacking outfit.