North Korean hackers deploy nearly 500 phishing domains to steal millions worth of NFTs: report

Getting your Trinity Audio player ready...

North Korean hackers are in the spotlight again, and this time, it is over the theft of millions of dollars worth of non-fungible tokens (NFTs).

A report from cybersecurity firm Slowmist uncovered a new tactic used by hackers linked to North Korea’s Lazarus Group. These Advanced Persistent Threat (APT) groups have been discovered to use fake websites to steal digital collectibles from unsuspecting investors.

The hackers use decoy websites that impersonate leading NFT platforms like OpenSea, Rarible, and even projects linked to the FIFA World Cup, according to the report. The bad actors made use of nearly 500 phishing websites, with the earliest being registered in May, and in seven months, over $10 million worth of NFTs have been pilfered.

One decoy website generated profits of $367,000 after stealing a total of 1,055 NFTs. Slowmist suggested that during its investigations, it identified a collaboration between Eastern European hacking groups and North Korean bad actors.

Slowmist says the fake websites steal users’ sensitive data, and with the ingenious use of malware through “malicious mints,” North Korean hackers are able to steal NFTs. The cybersecurity firm confirmed that it could not assess the scheme’s true scale and suggests that the ploy runs deeper.

“For confidentiality and privacy reasons, this article only analyzed a small portion of the NFT phishing materials and extracted some phishing characteristics of the North Korean hackers,” says Slowmist. “However, this is just the tip of the iceberg.”

To prevent falling victim to phishing attacks, Slowmist advises NFT holders to “strengthen their understanding of security knowledge,” which in turn will help them spot potential red flags in a website.

Busy year for North Korea’s bad actors

North Korean hackers have had a busy 2022 marked by a profitable virtual currency crime spree. A recent report from South Korea’s National Intelligence Service (NIS) notes that North Korea’s hacking groups have pilfered over $600 million dollars worth of digital assets since the start of the year.

Lazarus Group, one of the most prolific hacking groups operating out of the country, was identified as the main culprit in the attraction of digital asset funds using a new version of the AppleJeus malware.

“We are seeing more complex attacks wherein the threat actor shows great knowledge and preparation, taking steps to gain their target’s trust before deploying payloads,” said Microsoft.

Japanese law enforcement agencies sent a public advisory to citizens over the activities of North Korean hackers after it traced a string of attacks to Lazarus Group.

Watch: The BSV Global Blockchain Convention presentation, Sentinel Node: Blockchain Tools to Improve Cybersecurity