North Korean hackers linked to cybercrime group 'Lazarus Group' are behind a massive phishing campaign targeting non-fungible token (NFT) investors, using around 500 phishing domains to dupe victims, a new report said.
The North Korean Advanced Persistent Threat (APT) groups used several strategies to part NFT investors from their NFTs, such as fake websites that appear to be various NFT-related platforms and projects, Cointelegraph quoted the report as saying.
These fake websites included one that presented itself as a World Cup project and others that impersonated popular NFT marketplaces like OpenSea, X2Y2 and Rarible.
One of the strategies was the use of "malicious mints", which tricked victims into thinking they were minting a real NFT by connecting their wallet to the website.
The report also showed that a large number of phishing websites shared the same Internet Protocol (IP) address, with 372 NFT phishing websites sharing a single IP and another 320 NFT phishing websites using a different IP.
Other phishing techniques included recording visitor data and saving it to external websites, as well as attaching photos to the projects that were being targeted.
One phishing address alone obtained 1,055 NFTs and made a profit of 300 Ethereum (ETH), worth $367,000, through its phishing tactics, the report said.
