North Korean Hackers Target NFT Investors with Phishing Campaign

Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting nonfungible token (NFT) investors.

Blockchain security firm SlowMist released a report revealing that the hackers have used nearly 500 phishing domains to deceive victims.

The hackers created decoy websites disguised as a variety of NFT-related platforms and projects, including well-known NFT marketplaces and a project associated with the World Cup. These fake websites offer "malicious Mints," tricking victims into thinking they are minting a legitimate NFT by connecting their wallet to the website. In reality, the NFT is fraudulent and the victim’s wallet is left vulnerable to the hacker.

North Korean Hackers Conduct Phishing Campaign Targeting Digital Assets

The report also revealed that many of the phishing websites operated under the same Internet Protocol (IP) address. SlowMist noted that the phishing campaign has been ongoing for several months, with the earliest registered domain name dating back seven months. In addition to creating decoy websites, the hackers used tactics such as recording visitor data and linking images to target projects.

After obtaining visitor data, the hackers would run various attack scripts against the victim, giving them access to the victim’s access records, authorizations, and plug-in wallets, as well as sensitive information such as approved records and sigData. This enables the hacker to access the victim’s wallet, exposing all of their digital assets. SlowMist emphasized that this is just the "tip of the iceberg," as the analysis only looked at a small portion of materials and extracted "some" of the phishing characteristics of the North Korean hackers.

North Korea has been involved in numerous cryptocurrency thefts in 2022. According to South Korea’s National Intelligence Service, North Korea stole $620 million worth of cryptocurrencies this year alone. In October, Japan’s National Police Agency warned crypto-asset businesses in the country to be cautious of the North Korean hacking group.

North Korean APT Group Responsible for Previous Naver Phishing Campaign

In addition to the recent phishing campaign targeting NFT investors, the same North Korean Advanced Persistent Threat (APT) group has also been linked to the Naver phishing campaign documented by Prevailion on March 15th.

The APT group has been successful in its phishing tactics, with a single phishing address alone gaining 1,055 NFTs and profiting 300 Ether, worth $367,000.

It is important for individuals and businesses to be vigilant against phishing attacks and to take steps to protect themselves and their assets. This includes being cautious of unexpected emails and links, using strong and unique passwords, and keeping software and security protocols up to date.