North Korea Becomes Epicentre for NFT Thefts via 500 Phishing Domains: SlowMist

The report has highlighted that this NFT stealth campaign has been going on for months.

North Korea Becomes Epicentre for NFT Thefts via 500 Phishing Domains: SlowMist

Photo Credit: Larva Labs

The hacker records visitors’ info to an external domain and conducts the hack

  • Cyber criminals from N. Korea have been infamous for crypto scams
  • Lazarous Group has been staling NFTs for the last seven month
  • The hackers leave the victim’s wallet susceptible to more attacks

North Korea's notorious Lazarous Group, infamous for triggering cyber-attacks, has yet again come under the limelight, for striking the NFT sector with back-to-back strikes. The group of hackers have launched around 500 phishing domains using which, they are duping unsuspecting victims, who are also enthusiastic NFT buyers. The claims against the Lazarous Group have been noted in the recent report by SlowMist, a blockchain security firm. The report has highlighted that this NFT stealth campaign has been going on for months with the earliest malicious domain having been registered around May-June.

NFTs or non-fungible tokens are blockchain-built digital collectibles, most of which are also functional in compatible metaverse experiences. More often than not, NFTs are valuable and their blockchain-based creation transfers the complete ownership of these virtual collectibles to the buyers and are held in crypto wallets.

The Lazarous Group has been deploying ‘decoy websites' pretending to be legit NFT projects, to get them to engage with these infected sites.

Phishing websites will record visitor data and save it to external sites. The hacker records visitors' information to an external domain through an HTTP GET request. Our investigation revealed that the hackers utilised multiple tokens, such as WETH, USDC, DAI, and UNI, etc. in their phishing attacks,” said the official post from SlowMist.

This year, despite not having been ideally profitable for the NFT industry, did manage to see several scammers flocking to the sector to conduct attacks.

Last week, for instance, anti-theft platform Harpie said that a new kind of scam is looming over the visitors of OpenSea, that offers ‘gasless sales' on the platform and eventually redirects the victims to phishing sites.

As part of the reportedly ongoing scam, hackers are tricking people to sign an unreadable message. Gasless NFTs are likely to attract first-time buyers signature request.

In its report, SlowMist has said that North Korea's Advanced Persistent Threat (APT) groups have been leaving the wallets of the victims susceptible to more hack attacks.

Not just traditional phishing, but scammers have been using the ice-phishing technique also, to steal themselves digital collectibles, useable in the Web3 sector.

Last week, 14 NFTs of the expensive and famous Bored Apes Yacht Club (BAYC) collection, were stolen in an ice-phishing attack.

Ice phishing scams are cyber-attacks that manoeuvre Web3 users into manually signing and approving permissions that allow notorious actors to spend their tokens.

In traditional phishing scams, hackers manage to steal private keys or passwords by luring in unsuspecting people into clicking on malicious links or having them visit infected fake websites.

Will crypto tax hurt the industry in India? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.

For details of the latest launches and news from Samsung, Xiaomi, Realme, OnePlus, Oppo and other companies at the Mobile World Congress in Barcelona, visit our MWC 2024 hub.

Radhika Parashar
Radhika Parashar is a senior correspondent for Gadgets 360. She has been reporting on tech and telecom for the last three years now and will be focussing on writing about all things crypto. Besides this, she is a major sitcom nerd and often replies in Chandler Bing and Michael Scott references. For tips or queries you could reach out to her at More
Honor X7a to Get 6.7-Inch HD+ Display, More Specifications, Design Surface: Report
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News


Follow Us


© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »