North Korean Hackers Target NFT Holders in Phishing Attacks, Steal Ether and Over 1,000 NFTs

Hackers connected to the infamous North Korean Lazarus Group have reportedly been carrying out massive phishing campaigns targeting non-fungible token (NFT) investors. This has led to the theft of over 1,000 NFTs and Ether.

North Korean Hackers Target NFT Holders

SlowMist, a blockchain security company, began investigating the North Korean Advanced Persistent Threat (APT) group in September. This came after a Twitter user identified as PhantomXSec mentioned that the group was behind phishing attacks on multiple Ethereum and Solana NFT projects.

The investigation showed that the group had nearly 500 domain names used for phishing campaigns, some of which were registered over seven months ago. 

According to SlowMist’s report, a wallet linked to one of the phishing websites received 1,055 NFTs and made a profit of approximately 300 ETH through sales.

The Growing Threat of North Korea

North Korea is becoming a major threat to the crypto industry. The reclusive state backs cybercriminals to loot funds to cope with harsh UN sanctions and support its frail economy.

According to the report, these APT-linked websites posed as NFT-related platforms, tricking victims into believing they were minting a legitimate NFT by connecting their wallet to the website. This left investors with fake NFTs and unprotected wallets.

On the Flipside

  • SlowMist also identified some form of collaboration between North Korean and Eastern European hackers, as the wallet linked with the NFT hacks interacted with several risky addresses in the region.

Why You Should Care

The investigation also demonstrates the increased threat from North Korea, which we reported had stolen over $1.2 billion worth of crypto assets since 2017.

The recent report on North Korea’s hacks is covered in:

North Korean Hackers Have Stolen $1.2 Billion in Crypto Funds Since 2017, Says South Korea

You can also read about one of their earlier targets in:

North Korean Hackers Aim Their Crypto Attacks at DeFi
