Tuesday, February 7, 2023
HomeNFTNorth Korea Hackers Using Roughly 500 Phishing Websites To Steal NFTs

North Korea Hackers Using Roughly 500 Phishing Websites To Steal NFTs

There have been reports that hackers with ties to North Korea’s Lazarus Group are behind a huge phishing effort aimed at investors in non-fungible tokens (NFTs). This campaign is said to have used roughly 500 phishing sites to trick victims.

SlowMist, a blockchain security company, published a report on December 24 revealing the strategies that North Korean Advanced Persistent Threat (APT) groups have used to separate NFT investors from their NFTs. One of these strategies is to use fake websites that look like different platforms and projects related to NFT.

Some examples of these fake websites include a website that pretends to be a project associated with the World Cup, as well as websites that impersonate well-known NFT marketplaces like OpenSea, X2Y2, and Rarible. Another example of one of these fake websites is a website that pretends to be a site that is related to the Olympics.

According to SlowMist, one of the strategies that was used was to have these fake websites provide “malicious mints.” This strategy entails tricking users into believing that they are minting a genuine NFT by linking their wallet to the website in question. However, the NFT is really a false transaction, and the hacker, who now has access to the victim’s wallet, is left with the ability to steal funds from it.

The investigation also found that many of the phishing websites used the same Internet Protocol (IP), with 372 NFT phishing websites operating under a single IP and another 320 NFT phishing websites affiliated with another IP. This information was gleaned through the analysis of the phishing websites. According to SlowMist, the phishing effort has been going on for a number of months, and they noted that the earliest registered domain name was around seven months ago.

Phishing attempts also linked photos to target projects and recorded visitor data, storing it on third-party websites. These are only two of the many methods that were tried. After the hacker was about to obtain the visitor’s data, they would then proceed to run various attack scripts on the victim, which would allow the hacker access to the victim’s access records, authorizations, use of plug-in wallets, and sensitive data such as the victim’s approved record and sigData. After the hacker had obtained the visitor’s data, they would then proceed to run various attack scripts on the victim. After obtaining all of this information, the hacker is able to get access to the victim’s wallet and see all of the victim’s digital assets.

Related Posts:

To get daily updates & trending news on crypto follow us on:

Facebook:- https://www.facebook.com/CryptoShrypto/

Instagram:-  https://www.instagram.com/cryptoshrypto_/?hl=en

Twitter:-  https://twitter.com/cryptoshrypto1

Youtube:-  https://www.youtube.com/channel/UCdAOUEQ3L_eYjU_NMDA1zxg

Reporter
Reporter
Jeewan Singh is CryptoShrypto’s content writer and a seasoned writer with over two years of experience in writing about Indian Securities Market. Jeewan's participation in Blockchain and Cryptocurrency started in late 2020, and he hasn't looked back since. The technical and economic outcomes of cryptocurrency are what spark his curiosity, and he keeps one eye on the market.
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular