In the latest report on NFT scams, North Korean hackers have been found to be behind a major phishing scam targeting NFT holders. According to blockchain security firm SlowMist, the hackers used as many as 500 phishing domains to lure unsuspecting victims. Most of these websites were duplicates of popular NFT platforms such as OpenSea and X2Y2.
Here’s all you need to know about the North Korean NFT phishing scam:
What is the North Korean NFT Phishing Scam?
In a report released on December 24, SlowMist alleged that hackers connected to North Korea’s Lazarus Group were behind a massive NFT phishing scam. Typically, the North Korean Advanced Persistent Threat (APT) groups used fake websites to offer investors “malicious mints”.
To explain, the websites lure victims under the pretext of minting legitimate NFTs. Once victims connect their wallets to the website, the hackers get access to the wallets and can drain them as they please.
How do Hackers Steal NFTs?
SlowMist also discovered several unique NFT phishing traits used by the North Korean groups. For example, the phishing websites would record visitor data and save it to external sites. Then, they would run various “attack scripts” to access sensitive information such as victims’ access records, wallet addresses, authorizations, approve records, and sigData. Using this information, the North Korean hackers can drain victims’ wallets.
In addition, most of the sites used the same Internet Protocol (IP) address. They also used multiple tokens, such as WETH, USDC, and DAI, in their phishing attacks. One phishing address, in particular, was responsible for a large number of transactions.
“The hacker was able to receive a total of 1,055 NFTs and made off with a profit of approximately 300 ETH through their sales,” the report added.
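Because most of the phishing sites shared one IP address and imitated a small set of platforms, defenders can group suspicious domains by where they are hosted. The following Python example is added here and is not from SlowMist’s report; it flags domains that imitate OpenSea or X2Y2 and reports IP addresses hosting several of them. The sample observations, the 0.8 similarity threshold and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from difflib import SequenceMatcher

# Platforms named in the article and their genuine domains.
OFFICIAL = {"opensea": "opensea.io", "x2y2": "x2y2.io"}

# Constructed sample of (domain, resolved IP) observations, e.g. from passive DNS.
# Look-alikes use the reserved .example TLD; IPs are from documentation ranges.
OBSERVATIONS = [
    ("opensea.io", "203.0.113.10"),
    ("opensea-mint.example", "192.0.2.44"),
    ("0pensea.example", "192.0.2.44"),
    ("x2y2-claim.example", "192.0.2.44"),
    ("opensea-drop.example", "198.51.100.7"),
    ("weather.example", "192.0.2.44"),
    ("gallery.example", "198.51.100.9"),
]


def lookalike_of(domain, threshold=0.8):
    """Return the brand a domain imitates, or None if it looks unrelated."""
    domain = domain.lower().rstrip(".")
    # The genuine domains and their subdomains are never look-alikes.
    if any(domain == d or domain.endswith("." + d) for d in OFFICIAL.values()):
        return None
    for label in domain.split(".")[:-1]:          # every label except the TLD
        for token in label.split("-"):            # "opensea-mint" -> "opensea", "mint"
            for brand in OFFICIAL:
                # Exact brand token, or a near miss such as "0pensea".
                if SequenceMatcher(None, token, brand).ratio() >= threshold:
                    return brand
    return None


def shared_hosting_clusters(observations, min_domains=2):
    """Map IP -> sorted look-alike domains, for IPs serving at least min_domains."""
    by_ip = defaultdict(set)
    for domain, ip in observations:
        if lookalike_of(domain):
            by_ip[ip].add(domain)
    return {ip: sorted(d) for ip, d in by_ip.items() if len(d) >= min_domains}


if __name__ == "__main__":
    for ip, domains in shared_hosting_clusters(OBSERVATIONS).items():
        print(ip, domains)
```

A cluster found this way is a lead for review rather than proof of a common operator, since unrelated sites can share an address on shared hosting.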
SlowMist’s findings on the North Korean NFT phishing scam further emphasise the need to take NFT security seriously.