North Korean Hacker Group Nets 300 ETH From Phishing 1k NFTs

Blockchain security company SlowMist said the North Korean APT hacker group was responsible for large-scale crypto and NFT phishing attacks netting the group approximately 300 ETH.

According to the report, SlowMist began its investigations into the group in September after Twitter user PhantomXSec mentioned that the group was behind phishing attacks on several Ethereum and Solana projects.

SlowMist’s analysis of several phishing websites linked to the group showed that one of its primary tactics was to create fake NFT-related decoy pages with malicious coins. The group has nearly 500 domain names that it uses for its phishing campaigns, some of which were registered over seven months ago.

Wallet associated with the group stole 1,055 NFTs, netted 300 ETH

SlowMist revealed that a wallet connected to one of the phishing sites of the group received a total of 1,055 NFTs and made a profit of approximately 300 ETH through sales. According to the report, the wallet was originally funded through Binance. The report added that the wallet interacted with several risky addresses.

North Korea NFT Hacker Wallet
Source: SlowMist

In addition, several of the NFT phishing sites share the same host IP. There were 372 NFT sites under a single IP and another 320 phishing sites under another IP.

By examining the core code of the phishing sites, SlowMist discovered that the hackers used several tokens, such as WETH, USDC, DAI, and UNI, for the attack. The hackers usually focus on luring users to perform “Approve” operations.

But sometimes they go a step further to get victims to “perform Seaport and Permit signatures, as well as other authorizing activities.” SlowMist also discovered a DeFi platform run by the North Korean hackers.
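
A wallet-side check for the “Approve” lure described above, as an added example (not from SlowMist's report or from the phishing sites' code): it decodes pending transaction calldata and warns on unlimited or collection-wide approvals to a spender outside an allowlist. The sample calldata, spender addresses, allowlist and the "unlimited" threshold are constructed assumptions, and off-chain Permit and Seaport signatures are out of scope.

```python
# Added example: inspect approval calldata before a wallet signs it.
APPROVE = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
UNLIMITED_FLOOR = 2**255           # assumption: at or above this counts as "unlimited"

def decode_approval(calldata_hex):
    """Return a dict describing an approval call, or None if it is not one."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) < 8 + 128:        # 4-byte selector + two 32-byte words
        return None
    selector, word1, word2 = data[:8], data[8:72], data[72:136]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return None
    try:
        int(word1, 16)
        value = int(word2, 16)
    except ValueError:             # malformed hex: treat as not decodable
        return None
    spender = "0x" + word1[24:]    # address is right-aligned in its 32-byte word
    if selector == APPROVE:
        # For ERC-20 tokens the second word is an amount (for ERC-721 it is a token id).
        return {"kind": "approve", "spender": spender, "amount": value,
                "unlimited": value >= UNLIMITED_FLOOR}
    return {"kind": "setApprovalForAll", "spender": spender, "approved": value != 0}

def review(calldata_hex, trusted_spenders):
    """Return the warnings a wallet could show before the user confirms."""
    call = decode_approval(calldata_hex)
    if call is None:
        return []
    warnings = []
    if call["spender"] not in trusted_spenders:
        warnings.append("spender not in allowlist")
    if call["kind"] == "approve" and call["unlimited"]:
        warnings.append("unlimited allowance")
    if call["kind"] == "setApprovalForAll" and call["approved"]:
        warnings.append("grants control of entire collection")
    return warnings

# Constructed samples: the spender addresses are placeholders, not real indicators.
SPENDER_A = "0x" + "11" * 20
SAMPLE_UNLIMITED = "0x" + APPROVE + "00" * 12 + "11" * 20 + "ff" * 32
SAMPLE_NFT_ALL = "0x" + SET_APPROVAL_FOR_ALL + "00" * 12 + "22" * 20 + "00" * 31 + "01"

if __name__ == "__main__":
    for sample in (SAMPLE_UNLIMITED, SAMPLE_NFT_ALL):
        print(decode_approval(sample), review(sample, {SPENDER_A}))
```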

Meanwhile, the security firm also identified some form of cooperation between North Korean and Eastern European hackers.

North Korea and Crypto Hacks

South Korea’s spy agency said North Korea-backed hackers have allegedly stolen over $1 billion in crypto assets since 2017. According to the report, the state-backed malicious players stole half of that amount in 2022 alone.

The South Korean agency said North Korea relies on crypto-hacking activities to fund its nuclear program and also to support its fragile economy.

Several reports have linked North Korean hacking groups such as Lazarus to major hacks recorded in the industry this year. The group is reportedly responsible for the $100 million Harmony bridge hack and the over $600 million exploit of Axie Infinity’s Ronin bridge.

Disclaimer

BeInCrypto has reached out to the company or person involved in the story for an official statement on the latest development, but has yet to hear back.
