Hackers have created fraudulent websites posing as NFT marketplaces, NFT services, and even DeFi platforms.
Hackers linked to North Korea’s Lazarus group are believed to be running a massive phishing campaign targeting non-fungible token (NFT) investors – using nearly 500 phishing domains to deceive affected people.
Blockchain security firm SlowMist released a report on December 2. 24, revealing the various methods North Korea’s Advanced Persistent Threat (APT) has used to separate NFT investors from their NFTs, including fraudulent websites masquerading as numerous NFT-related platforms and services.
Examples of these fake websites include sites claiming to be World Cup-related services, and sites featuring popular NFT exchanges such as OpenSea, X2Y2, and Rarible. SlowMist said that one of the methods used is to trick these fraudulent websites into offering “bad money”, which involves tricking victims into thinking they are mining legitimate NFTs by linking their wallets. on the website.
However, NFTs are actually fraudulent and that person’s wallet is left vulnerable to a hacker who now has access. The report also revealed that many phishing websites operate under the same Internet Protocol (IP), with 372 NFT phishing websites under one IP and another 320 NFT phishing websites linked to another IP.
SlowMist said the phishing campaign had been going on for months, noting that the first domain name registered arrived about seven months ago. Other phishing techniques used include logging visitor data and uploading it to remote sites, as well as attaching images to the target image.
Once the hacker wanted to access the host’s data, he proceeded to perform various attacks on the victim, which allowed the hacker to gain access to the victim’s records, authorization and use of deposits, and sensitive data such as incident support records in sigData. All of this information allows the hacker to gain access to the person’s wallet, revealing all their digital assets.
However, SlowMist said that this is only the “tip of the iceberg”, as the investigation looked at a small part of the document and released “some” of the phishing characteristics of the hackers. North Koreans for example, SlowMist pointed out that a single phishing address can earn 1,055 NFT and enjoy 300 Ether ETH ($1,220), which is worth $367,000, thanks to his tricks.
He added that the same North Korean APT group was also responsible for the Naver phishing campaign that Prevailion posted earlier on March 15. North Korea is in the midst of various cryptocurrency theft crimes in 2022.
According to a report published by the South Korean National Intelligence Service (NIS) on December 22, North Korea stole $620 million worth of cryptocurrencies this year alone. In October, Japan’s national police issued a warning to crypto-asset companies in the country advising them to be wary of North Korean hacking groups.
Get $200 Free Bitcoins every hour! No Deposit No Credit Card required. Sign Up