North Korean hackers stealing NFTs using nearly 500 phishing domains

Published at: Dec. 26, 2022

Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting non-fungible token (NFT) investors — utilizing nearly 500 phishing domains to dupe victims.

Blockchain security firm SlowMist released a report on Dec. 24, revealing the tactics that North Korean Advanced Persistent Threat (APT) groups have used to part NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects.

Examples of these fake websites include a site pretending to be a project associated with the World Cup, as well as sites that impersonate well-known NFT marketplaces such as OpenSea, X2Y2 and Rarible.

SlowMist said one of the tactics used was having these decoy websites offer “malicious Mints,” which involves deceiving the victims into thinking they are minting a legitimate NFT by connecting their wallet to the website.

However, the NFT is actually fraudulent, and the victim’s wallet is left vulnerable to the hacker who now has access to it.

The report also revealed that many of the phishing websites operated under the same Internet Protocol (IP), with 372 NFT phishing websites under a single IP, and another 320 NFT phishing websites associated with another IP.

SlowMist said the phishing campaign has been ongoing for several months, noting that the earliest registered domain name came about seven months ago.

Other phishing tactics used included recording visitor data and saving it to external sites as well as linking images to target projects.

After the hacker was about to obtain the visitor's data, they would then proceed to run various attack scripts on the victim, which would allow the hacker access to the victim’s access records, authorizations, use of plug-in wallets, as well as sensitive data such as the victim’s approve record and sigData.

All this information then enables the hacker access to the victim’s wallet, exposing all their digital assets.

However, SlowMist emphasized that this is just the “tip of the iceberg," as the analysis only looked at a small portion of the materials and extracted “some” of the phishing characteristics of the North Korean hackers.

SlowMist Security Alert North Korean APT group targeting NFT users with large-scale phishing campaign This is just the tip of the iceberg. Our thread only covers a fraction of what we've discovered. Let's dive in pic.twitter.com/DeHq1TTrrN

— SlowMist (@SlowMist_Team) December 24, 2022

For example, SlowMist highlighted that just one phishing address alone was able to gain 1,055 NFTs and profit 300 ETH, worth $367,000, through its phishing tactics.

It added that the same North Korean APT group was also responsible for the Naver phishing campaign that was previously documented by Prevailion on Mar. 15.

Related: Blockchain security firm warns of new MetaMask phishing campaign

North Korea has been at the center of various cryptocurrency theft crimes in 2022.

According to a news report published by South Korea’s National Intelligence Service (NIS) on Dec 22, North Korea stole $620 million worth of cryptocurrencies this year alone.

In October, Japan’s National Police Agency sent out a warning to the country’s crypto-asset businesses advising them to be cautious of the North Korean hacking group.

Tags
Nft
Related Posts
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022
5 sneaky tricks crypto phishing scammers used last year: SlowMist
Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and trojan malware spread on messaging app Discord. It comes after the security firm recorded a total of 303 blockchain security incidents in the year, with 31.6% of these incidents caused by phishing, rug pull or other scams, according to a Jan. 9 SlowMist blockchain security report. Malicious browser bookmarks One of the phishing strategies makes use of bookmark managers, a feature in most modern browsers. SlowMist said scammers have been exploiting these to ultimately gain …
Blockchain / Jan. 10, 2023
Poly Network hacker returns less than 1% of the $600M theft
These transfers have occurred across the three wallets associated with the Poly Network hacker across the Ethereum, Binance Smart Chain (BSC) and Polygon networks. Poly Network confirmed receipt of the returned funds via a tweet issued on Tuesday. Details from Etherscan show that $2 million worth of Shiba Inu (SHIB) and $616,000 in Fei USD (FEI) tokens are being returned. So far, we have received a total value of $4,772,297.675 assets returned by the hacker. ETH address: $2,654,946.051 BSC address: $1,107,870.815 Polygon address: $1,009,480.809 pic.twitter.com/bPFAQk4mvS — Poly Network (@PolyNetwork2) August 11, 2021 Data from BscScan also shows the hacker returning …
Ethereum / Aug. 11, 2021
Hackers takeover Azuki’s Twitter account, steal over $750K in less than 30 minutes
Azuki, a popular nonfungible token (NFT) project, had its Twitter account compromised on Jan. 27 leading to hackers stealing over $750,000 worth of USD Coin (USDC) by posting a malicious “wallet drainer link” posed as a virtual land mint. Hackers stole $751,321.80 USDC from a single wallet within half an hour of the malicious links being tweeted, according to Etherscan data provided to Cointelegraph by crypto wallet security firm Wallet Guard. The data also revealed that hackers stole a further $6,752.62 worth of USDC from various wallets holding 11 NFTs and over 3.9 Ether (ETH). Wallet Guard stated that the …
Nft / Jan. 28, 2023
Security team creates dashboard to detect potential NFT hacks in OpenSea
A wallet security team released a real-time dashboard that lets community members detect, track and monitor potential nonfungible token (NFT) hacks using offline signatures in the OpenSea marketplace. According to the team behind crypto wallet ZenGo, they created an NFT hack detector using a simple method. This includes tracking realized NFT trades in the NFT marketplace and comparing the trade amount of the NFT collection’s floor price. If the ratio between the two trade values is suspiciously low, it will get flagged as a potential hack. At the time of writing, the dashboard flagged almost $25 million worth of NFTs …
Nft / Feb. 22, 2023