Hackers have created decoy websites posing as NFT marketplaces, NFT projects, and even a DeFi platform.

Hackers associated with North Korea’s Lazarus Group are believed to be behind a massive phishing campaign targeting non-fungible token (NFT) investors, using nearly 500 phishing domains to fool victims.

Blockchain security firm SlowMist released a report on Dec. 24 revealing the tactics North Korean Advanced Persistent Threat (APT) groups have used to separate NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects.

Examples of these fake websites include a website claiming to be a World Cup-related project and websites posing as well-known NFT marketplaces such as OpenSea, X2Y2, and Rarible.

According to SlowMist, one of the tactics used is to have these decoy websites offer “malicious mints”, which deceive victims into believing they are minting a legitimate NFT by connecting their wallet to the website.

However, the NFT is actually fraudulent and the victim’s wallet remains vulnerable to the hacker who now has access to it.

The report also revealed that many phishing websites operated under the same Internet Protocol (IP) address, with 372 NFT phishing websites connected under one IP and another 320 NFT phishing websites connected to another IP.

An example of a phishing website. Source: SlowMist

SlowMist said the phishing campaign has been going on for several months, noting that the earliest registered domain name dates back about seven months.

Other phishing tactics used include logging visitor data and backing it up on external websites, and associating images with target projects.

Once the hacker was about to get the visitor’s data, they ran various attack scripts on the victim, which allowed the hacker to access the victim’s access records, permissions and plug-in wallet usage, as well as sensitive data such as the victim’s permission record and sigData.

All this information then allows the hacker to gain access to the victim’s wallet, exposing all of their digital assets.

However, SlowMist pointed out that this is just the “tip of the iceberg”, as the analysis only looked at a small portion of the documents and extracted “some” of the North Korean hackers’ phishing characteristics.

For example, SlowMist pointed out that a single phishing address alone was able to gain 1,055 NFTs and profit 300 Ether, worth $367,000, through its phishing tactics.

It added that the same North Korean APT group was also responsible for the Naver phishing campaign previously documented by Prevailion on March 15.

North Korea has been at the center of various cryptocurrency theft crimes in 2022.

North Korea has stolen $620 million worth of cryptocurrency this year alone, according to a report released by South Korea’s National Intelligence Service (NIS) on Dec. 22.

In October, Japan’s National Police Agency issued a warning to crypto-asset firms in the country, advising them to beware of the North Korean hacking group.

Source: CoinTelegraph