NFT users targeted by North Korean hackers in large-scale phishing operation

The phishing campaign has been going on for some time; the earliest domain name was registered about seven months ago.

Non-fungible token (NFT) holders are now being targeted by the hacker group Lazarus. The North Korean group is reportedly behind a massive phishing campaign that used nearly 500 phishing domains set up to trick victims.

On December 24, blockchain security company SlowMist published a report outlining the tactics used by North Korean Advanced Persistent Threat (APT) groups to defraud NFT investors. One of the methods involved the use of fake websites posing as various NFT-related platforms and projects, according to Cointelegraph.

These scam websites include one that presents itself as a project related to the World Cup. There are also sites that mimic popular NFT marketplaces such as OpenSea, X2Y2 and Rarible.

One of the strategies, according to SlowMist, is to have these fake sites offer “malicious coins,” tricking users into thinking they are making real NFTs by linking their wallet to the site. The NFT is in fact a scam, and as a result the victim’s wallet is open to attack by the hacker, who now has access to it.

The analysis also showed that a large number of phishing sites shared the same Internet Protocol (IP) address, with 372 NFT phishing sites sharing a single IP address and another 320 NFT phishing sites using a different IP address.
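The shared-hosting pattern above is something defenders can pivot on. The following is an added example, not code from SlowMist or the article: it groups constructed passive-DNS style records by IP address and flags addresses that host several lookalikes of the marketplaces named above. The sample domains, IP addresses, thresholds and function names are all assumptions made for illustration.

```python
from collections import defaultdict

# Marketplaces the article says were mimicked, mapped to their official domains.
OFFICIAL = {"opensea": "opensea.io", "x2y2": "x2y2.io", "rarible": "rarible.com"}

# Constructed (domain, resolved IP) records; IPs are from documentation ranges.
SAMPLE_RECORDS = [
    ("opensea-mint.example", "203.0.113.10"),
    ("x2y2-claim.example", "203.0.113.10"),
    ("rarible-drop.example", "203.0.113.10"),
    ("worldcup-nft.example", "203.0.113.10"),
    ("opensea.io", "198.51.100.7"),
    ("blog.example", "198.51.100.7"),
    ("rarible-airdrop.example", "192.0.2.55"),
]

def lookalike_brand(domain):
    """Return the brand a domain imitates, or None if it is official or unrelated."""
    domain = domain.lower().rstrip(".")
    for brand, official in OFFICIAL.items():
        is_official = domain == official or domain.endswith("." + official)
        if brand in domain and not is_official:
            return brand
    return None

def cluster_by_ip(records):
    """Map each IP address to the set of distinct domains seen resolving to it."""
    clusters = defaultdict(set)
    for domain, ip in records:
        clusters[ip].add(domain.lower().rstrip("."))
    return clusters

def suspicious_clusters(records, min_domains=3, min_lookalikes=2):
    """Flag IPs hosting many domains of which several imitate a known brand.

    Every domain on a flagged IP is returned, so lures that carry no brand
    name (such as a World Cup themed site) surface through the shared host.
    """
    flagged = {}
    for ip, domains in cluster_by_ip(records).items():
        lookalikes = [d for d in domains if lookalike_brand(d)]
        if len(domains) >= min_domains and len(lookalikes) >= min_lookalikes:
            flagged[ip] = sorted(domains)
    return flagged

if __name__ == "__main__":
    for ip, domains in suspicious_clusters(SAMPLE_RECORDS).items():
        print(ip, len(domains), "domains:", ", ".join(domains))
```

A flagged address is a lead for review rather than a verdict, since shared hosting and CDNs also place many unrelated domains behind one IP address.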

According to SlowMist, the phishing campaign has been going on for a while; the earliest domain name was registered about seven months ago. In addition to linking images to target projects, other phishing techniques used included collecting visitor information and storing it on external websites.

The hacker would then use various attack scripts on the victim after obtaining the visitor’s data, giving them access to the victim’s access records, authorizations, use of plug-in wallets, and sensitive data such as the victim’s authentication record and sigData.

The hacker can then gain access to the victim’s wallet using all of this information, exposing all of their digital assets. SlowMist emphasized that this is simply the “tip of the iceberg,” as the research only addressed a small percentage of the materials and only “some” of the North Korean hackers’ phishing capabilities.

For example, SlowMist pointed out that one phishing address alone was able to steal 300 ETH ($367,000) and 1,055 NFTs using the phishing techniques. The firm also stated that the Naver phishing effort, which was originally reported by Prevailion on March 15, was carried out by the same North Korean APT group.

TokenPost
