
Hackers from North Korea are stealing NFTs using almost 500 different phishing domains.

 


The cybercriminals established dummy websites that posed as legitimate NFT marketplaces, NFT projects, and even a DeFi platform.

There have been reports that hackers with ties to North Korea's Lazarus Group are behind a massive phishing campaign aimed at investors in nonfungible tokens (NFTs). This campaign is said to have used nearly 500 phishing domains to trick victims.

SlowMist, a blockchain security company, published a report on December 24 revealing the strategies that North Korean Advanced Persistent Threat (APT) groups have used to separate NFT investors from their NFTs. These strategies include the use of decoy websites that are disguised as a variety of different NFT-related platforms and projects.

Examples of these fake websites include one that pretends to be a project associated with the World Cup, one that pretends to be related to the Olympics, and sites that impersonate well-known NFT marketplaces like OpenSea, X2Y2, and Rarible.

According to SlowMist, one of the strategies that was implemented was to have these decoy websites offer "malicious Mints." This strategy involves tricking victims into believing that they are minting a genuine NFT by connecting their wallet to the website in question.

However, the NFT is actually fraudulent, and the hacker, who now has access to the victim's wallet, is able to steal funds from it.

The report's analysis of the phishing websites also found that many of them shared the same Internet Protocol (IP) address, with 372 NFT phishing websites operating under a single IP address and another 320 NFT phishing websites associated with another IP address.
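The shared-IP finding above is something defenders can pivot on in their own DNS data. The following is an added example, not code from SlowMist or the article: it groups resolution records by IP and reports addresses that host several lookalikes of the marketplaces named here. The records, the `.example` domains, the allow-list of genuine domains and the threshold are all constructed assumptions.

```python
from collections import defaultdict

# Brands the article names as impersonated.
BRANDS = ("opensea", "x2y2", "rarible")
# Assumed allow-list of the genuine marketplace domains.
LEGIT = {"opensea.io", "x2y2.io", "rarible.com"}
# Fold common digit-for-letter swaps and drop hyphens before matching.
_FOLD = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s", "-": None})

# Constructed (domain, resolved IP) records using documentation IP ranges.
RECORDS = [
    ("opensea-mint.example", "203.0.113.10"),
    ("x2y2-claim.example", "203.0.113.10"),
    ("rar1ble-drop.example", "203.0.113.10"),
    ("0pensea.worldcup-nft.example", "203.0.113.10"),
    ("weather.example", "203.0.113.10"),          # unrelated site, same host
    ("opensea.io", "198.51.100.5"),               # genuine domain
    ("rarible-airdrop.example", "198.51.100.77"), # lone lookalike
]


def impersonated_brand(domain):
    """Return the brand a domain imitates, or None if genuine or unrelated."""
    d = domain.lower().rstrip(".")
    if any(d == legit or d.endswith("." + legit) for legit in LEGIT):
        return None
    folded = d.translate(_FOLD)
    return next((b for b in BRANDS if b in folded), None)


def cluster_by_ip(records, min_domains=3):
    """Map each IP to its lookalike domains, keeping IPs at or above the threshold."""
    by_ip = defaultdict(set)
    for domain, ip in records:
        if impersonated_brand(domain):
            by_ip[ip].add(domain.lower().rstrip("."))
    return {ip: sorted(ds) for ip, ds in by_ip.items() if len(ds) >= min_domains}


if __name__ == "__main__":
    for ip, domains in cluster_by_ip(RECORDS).items():
        print(ip, len(domains), domains)
```

An IP that clears the threshold is a lead for review and blocklisting rather than proof, since shared hosting can place unrelated sites on the same address.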

According to SlowMist, the phishing campaign has been going on for a number of months, and they noted that the earliest domain name was registered approximately seven months ago.

Phishing attempts also linked images to target projects and recorded visitor data, saving it on third-party websites. These are just two of the many methods that were used.

After the hacker had obtained the visitor's data, they would then proceed to run various attack scripts on the victim, which would allow the hacker access to the victim's access records, authorizations, and use of plug-in wallets, in addition to sensitive data such as the victim's approve record and sigData.

After obtaining all of this information, the hacker is able to gain access to the victim's wallet and view all of the victim's digital assets.

However, SlowMist emphasized that this is just "the tip of the iceberg," as the analysis only looked at a small portion of the materials and extracted "some" of the phishing characteristics of the North Korean hackers.

For instance, SlowMist highlighted that just one phishing address gained 1,055 NFTs and made a profit of 300 Ether, equivalent to $367,000, through its phishing techniques.

It was also revealed that the same North Korean APT group was responsible for the phishing attack against Naver, which had been documented by Prevailion on March 15.

In 2022, North Korea was at the center of a number of different theft crimes involving cryptocurrencies.

According to a report that was released by the National Intelligence Service (NIS) of South Korea on December 22, North Korea is responsible for the theft of cryptocurrencies worth a total of $620 million just this year.

In October, Japan's National Police Agency issued a cautionary message to the country's crypto-asset businesses, advising them to exercise extreme caution around the hacking group associated with North Korea.
