Hackers connected to the infamous North Korean Lazarus Group have reportedly been carrying out massive phishing campaigns targeting non-fungible token (NFT) investors. This has led to the theft of over 1,000 NFTs and Ether.
North Korean Hackers Target NFT Holders
SlowMist, a blockchain security company, began investigating the North Korean Advanced Persistent Threat (APT) group in September. This came after a Twitter user identified as PhantomXSec mentioned that the group was behind phishing attacks on multiple Ethereum and Solana NFT projects.
The investigation showed that the group had nearly 500 domain names used for phishing campaigns, some of which were registered over seven months ago.
According to SlowMist’s report, a wallet linked to one of the phishing websites received 1,055 NFTs and made a profit of approximately 300 ETH through sales.
The Growing Threat of North Korea
North Korea is becoming a major threat to the crypto industry. The reclusive state backs cybercriminals to loot funds to cope with harsh UN sanctions and support its frail economy.
According to the report, these APT-linked websites posed as NFT-related platforms, tricking victims into believing they were minting a legitimate NFT by connecting their wallet to the website. This left investors with fake NFTs and unprotected wallets.
On the Flipside
- SlowMist also identified some form of collaboration between North Korean and Eastern European hackers, as the wallet linked with the NFT hacks interacted with several risky addresses in the region.
Why You Should Care
The investigation also demonstrates the increased threat from North Korea, which we reported had stolen over $1.2 billion worth of crypto assets since 2017.