North Korean hackers stealing NFTs using nearly 500 phishing domains



Hackers linked to North Korea’s Lazarus Group are reportedly behind a large phishing campaign targeting non-fungible token (NFT) traders, using nearly 500 phishing domains to dupe victims.

Blockchain security firm SlowMist released a report on Dec. 24, revealing the tactics that North Korean Advanced Persistent Threat (APT) groups have used to part NFT traders from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects.

Examples of these fake websites include a site pretending to be a project associated with the World Cup, as well as sites that impersonate well-known NFT marketplaces such as OpenSea, X2Y2 and Rarible.

SlowMist said one of the tactics used was having these decoy websites offer “malicious Mints,” which involves deceiving the victims into thinking they are minting a legitimate NFT by connecting their wallet to the website.


However, the NFT is actually fraudulent, and the victim’s wallet is left vulnerable to the hacker, who now has access to it.

The report also revealed that many of the phishing websites operated under the same Internet Protocol (IP) address, with 372 NFT phishing websites under a single IP, and another 320 NFT phishing websites associated with another IP.

An example phishing website. Source: SlowMist

SlowMist said the phishing campaign has been ongoing for several months, noting that the earliest domain name was registered seven months ago.

Other phishing tactics used included recording visitor data and saving it to external sites, as well as linking images to target projects.

Once the hacker had obtained the visitor’s data, they would then proceed to run various attack scripts on the victim, which would allow the hacker access to the victim’s access records, authorizations, use of plug-in wallets, as well as sensitive data such as the victim’s approve record and sigData.

All this information then gives the hacker access to the victim’s wallet, exposing all their digital assets.

However, SlowMist emphasized that this is just the “tip of the iceberg,” as the analysis only looked at a small portion of the materials and extracted “some” of the phishing characteristics of the North Korean hackers.

For example, SlowMist highlighted that just one phishing address alone was able to gain 1,055 NFTs and profit 300 ETH, worth $367,000, through its phishing tactics.

It added that the same North Korean APT group was also responsible for the Naver phishing campaign that was previously documented by Prevailion on Mar. 15.


North Korea has been at the center of various cryptocurrency theft crimes in 2022.

According to a news report published by South Korea’s National Intelligence Service (NIS) on Dec 22, North Korea stole $620 million worth of cryptocurrencies this year alone.

In October, Japan’s National Police Agency sent out a warning to the nation’s crypto-asset businesses advising them to be cautious of the North Korean hacking group.




