N.Korean hackers steal NFTs using nearly 500 phishing domains: Report


Seoul, Dec 26 (IANS): North Korean hackers linked to cybercrime group 'Lazarus Group' are behind a massive phishing campaign targeting non-fungible token (NFT) investors, using around 500 phishing domains to dupe victims, a new report said.

The strategies used by the North Korean Advanced Persistent Threat (APT) groups to distract NFT investors from their NFTs, such as the use of fake websites that appear to be various NFT-related platforms and projects, Cointelegraph quoted the report as saying.

These fake websites included one that presented itself as a World Cup project and others that impersonated popular NFT marketplaces like OpenSea, X2Y2 and Rarible.

The use of "malicious Mints" which tricked the victims into thinking they are minting a real NFT by connecting their wallet to the website, was one of the strategies implemented.

The report also showed that a large number of phishing websites shared the same Internet Protocol (IP), with 372 NFT phishing websites sharing a single IP and another 320 NFT phishing websites using a different IP.

Other phishing techniques used included saving visitor data to external websites and recording it, as well as attaching photos to the projects that were being targeted.

One phishing address alone was able to get 1,055 NFTs and profit 300 Ethereum (ETH), worth $367,000, through its phishing tactics, the report said.

 

  

Top Stories


Leave a Comment

Title: N.Korean hackers steal NFTs using nearly 500 phishing domains: Report



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.