Nearly 500 phishing domains used by North Korean hackers to steal NFTs

Decoy websites were created impersonating NFT marketplaces, NFT projects, and even a DeFi platform.

North Korean hackers are reportedly behind a massive phishing campaign targeting nonfungible token (NFT) investors using nearly 500 phishing domains.

Security firm SlowMist released a report on Dec. 24 detailing tactics used by North Korean Advanced Persistent Threat (APT) groups to separate NFT investors from their NFTs, including decoy websites disguised as NFT platforms.

In addition to impersonating well-known NFT marketplaces like OpenSea, X2Y2 and Rarible, some fake websites pretend to be World Cup-related projects.

SlowMist said one of the tactics was to have victims connect their wallets to these decoy websites and deceive them into thinking they were minting a legitimate NFT.

The NFT, however, is actually fraudulent, leaving the victim’s wallet vulnerable to the hacker.

It was also found that many of the phishing websites operated under the same Internet Protocol (IP), with 372 NFT phishing websites operating under one IP and another 320 under another IP.
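Defenders can pivot on the shared-hosting pattern described above. The following is an added example, not code from SlowMist's report: it groups constructed passive-DNS rows by IP and reports addresses that serve several lookalikes of the marketplaces named in the article. The official domains, the `min_domains` threshold and all function names are assumptions.

```python
from collections import defaultdict

# Brands the article names as impersonated; the official domains are assumptions.
OFFICIAL = {"opensea": "opensea.io", "x2y2": "x2y2.io", "rarible": "rarible.com"}


def impersonated_brand(domain):
    """Return the brand a hostname imitates, or None if it is official or unrelated."""
    host = domain.lower().rstrip(".")
    # Drop separators so "open-sea.drop" still matches "opensea".
    squashed = host.replace("-", "").replace(".", "")
    for brand, official in OFFICIAL.items():
        if host == official or host.endswith("." + official):
            return None  # the real site or one of its subdomains
        if brand in squashed:
            return brand
    return None


def shared_ip_clusters(records, min_domains=3):
    """Group lookalike domains by resolved IP; keep IPs hosting many of them."""
    by_ip = defaultdict(dict)
    for domain, ip in records:
        brand = impersonated_brand(domain)
        if brand:
            by_ip[ip][domain.lower()] = brand
    clusters = {ip: d for ip, d in by_ip.items() if len(d) >= min_domains}
    # Largest cluster first: the most reused infrastructure is the best pivot.
    return dict(sorted(clusters.items(), key=lambda kv: -len(kv[1])))


# Constructed rows (domain, IP); all IPs are from documentation ranges.
SAMPLE = [
    ("opensea-mint.example", "192.0.2.10"),
    ("x2y2-claim.example", "192.0.2.10"),
    ("rarible.airdrop.example", "192.0.2.10"),
    ("open-sea.drop.example", "192.0.2.10"),
    ("opensea.io", "198.51.100.7"),            # official site, ignored
    ("rarible-support.example", "203.0.113.5"),  # lone lookalike, below threshold
    ("weather.example", "192.0.2.10"),         # unrelated tenant on the same IP
]

if __name__ == "__main__":
    for ip, doms in shared_ip_clusters(SAMPLE).items():
        print(ip, len(doms), sorted(doms))
```

Substring matching will also flag unrelated names that happen to contain a brand string, so a flagged cluster is a lead for review rather than a verdict.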

SlowMist said the phishing campaign has been ongoing for several months, noting that the earliest registered domain name was seven months old.

Aside from recording visitor data and saving it to external sites, phishing tactics also included linking images to target projects.

As soon as the hacker has obtained the visitor’s data, he or she will run various attack scripts on the victim, gaining access to the victim’s access records, authorizations and plug-in wallets, as well as sensitive data such as the victim’s approve record and signature data.

The hacker then has access to the victim’s wallet, exposing all their digital assets.

SlowMist noted, however, that this is just the “tip of the iceberg,” as the analysis only examined a small portion of the materials and extracted “some” of their phishing characteristics.

In 2022, North Korea was at the center of several cryptocurrency thefts.

South Korea’s National Intelligence Service (NIS) reported on Dec. 22 that North Korea stole $620 million worth of cryptocurrencies this year.

Japan’s National Police Agency warned its crypto-asset businesses in October to be cautious of North Korean hackers.