North Korea Becomes Epicentre for NFT Thefts via 500 Phishing Domains: SlowMist

The report has highlighted that this NFT stealth campaign has been going on for months.

Written by Radhika Parashar, Edited by Siddharth Suvarna | Updated: 26 December 2022 14:09 IST

North Korea Becomes Epicentre for NFT Thefts via 500 Phishing Domains: SlowMist

Photo Credit: Larva Labs

The hacker records visitors’ info to an external domain and conducts the hack

Highlights

Cyber criminals from N. Korea have been infamous for crypto scams
Lazarous Group has been staling NFTs for the last seven month
The hackers leave the victim’s wallet susceptible to more attacks

North Korea's notorious Lazarous Group, infamous for triggering cyber-attacks, has yet again come under the limelight, for striking the NFT sector with back-to-back strikes. The group of hackers have launched around 500 phishing domains using which, they are duping unsuspecting victims, who are also enthusiastic NFT buyers. The claims against the Lazarous Group have been noted in the recent report by SlowMist, a blockchain security firm. The report has highlighted that this NFT stealth campaign has been going on for months with the earliest malicious domain having been registered around May-June.

NFTs or non-fungible tokens are blockchain-built digital collectibles, most of which are also functional in compatible metaverse experiences. More often than not, NFTs are valuable and their blockchain-based creation transfers the complete ownership of these virtual collectibles to the buyers and are held in crypto wallets.

The Lazarous Group has been deploying ‘decoy websites' pretending to be legit NFT projects, to get them to engage with these infected sites.

OpenSea Visitors Being Duped by ‘Gasless Sales’: Harpie

“Phishing websites will record visitor data and save it to external sites. The hacker records visitors' information to an external domain through an HTTP GET request. Our investigation revealed that the hackers utilised multiple tokens, such as WETH, USDC, DAI, and UNI, etc. in their phishing attacks,” said the official post from SlowMist.

One technique involved creating fake NFT-related websites with malicious Mints to steal NFTs. They used nearly 500 different domain names and sold them on platforms such as @OpenSea, @X2Y2, and @rarible.

One of the earliest incidents can be traced back to 7 months ago. pic.twitter.com/4COsMuR80x
— SlowMist (@SlowMist_Team) December 24, 2022

This year, despite not having been ideally profitable for the NFT industry, did manage to see several scammers flocking to the sector to conduct attacks.

Last week, for instance, anti-theft platform Harpie said that a new kind of scam is looming over the visitors of OpenSea, that offers ‘gasless sales' on the platform and eventually redirects the victims to phishing sites.

Brazil Gets Crypto Laws, Industry Players Get 180 Days to Comply: Details

As part of the reportedly ongoing scam, hackers are tricking people to sign an unreadable message. Gasless NFTs are likely to attract first-time buyers signature request.

In its report, SlowMist has said that North Korea's Advanced Persistent Threat (APT) groups have been leaving the wallets of the victims susceptible to more hack attacks.

:rotating_light:SlowMist Security Alert:rotating_light:

North Korean APT group targeting NFT users with large-scale phishing campaign

This is just the tip of the iceberg. Our thread only covers a fraction of what we've discovered.

Let's dive in pic.twitter.com/DeHq1TTrrN
— SlowMist (@SlowMist_Team) December 24, 2022

Not just traditional phishing, but scammers have been using the ice-phishing technique also, to steal themselves digital collectibles, useable in the Web3 sector.

Last week, 14 NFTs of the expensive and famous Bored Apes Yacht Club (BAYC) collection, were stolen in an ice-phishing attack.

Ice phishing scams are cyber-attacks that manoeuvre Web3 users into manually signing and approving permissions that allow notorious actors to spend their tokens.

In traditional phishing scams, hackers manage to steal private keys or passwords by luring in unsuspecting people into clicking on malicious links or having them visit infected fake websites.

Will crypto tax hurt the industry in India? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Cryptocurrency, NFT, Phishing, Ice Phishing, Scam

Radhika Parashar

Email Radhika

Radhika Parashar is a senior correspondent for Gadgets 360. She has been reporting on tech and telecom for the last three years now and will be focussing on writing about all things crypto. Besides this, she is a major sitcom nerd and often replies in Chandler Bing and Michael Scott references. For tips or queries you could reach out to her at RadhikaP@ndtv.com. More