Hackers reportedly targeting NFTs using phishing domains

by Jonathan Adams

Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting non-fungible token (NFT) investors — utilizing nearly 500 phishing domains to dupe victims.

Blockchain security firm SlowMist released a report on Dec. 24, revealing the tactics that North Korean Advanced Persistent Threat (APT) groups have used to part NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects.

SlowMist said one of the tactics used was having these decoy websites offer ‘malicious Mints,’ which involves deceiving the victims into thinking they are minting a legitimate NFT by connecting their wallet to the website.

However, the NFT is actually fraudulent, and the victim’s wallet is left vulnerable to the hacker who now has access to it.

The report also revealed that many of the phishing websites operated under the same Internet Protocol (IP), with 372 NFT phishing websites under a single IP, and another 320 NFT phishing websites associated with another IP.

SlowMist said the phishing campaign has been ongoing for several months, noting that the earliest registered domain name came about seven months ago.
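The shared-IP finding and the earliest-registration date above are the kind of result a defender gets by pivoting from one known phishing domain through the IPs it resolved to. The following sketch is an added example, not code from SlowMist or this article. The records, domains, IPs and dates are constructed, and the shared-hosting allowlist is an assumption to stop the pivot from pulling in unrelated sites on common hosts.

```python
from collections import defaultdict, deque

# Constructed passive-DNS style records: (domain, resolved IP, first seen).
# Domains use the reserved .example TLD; IPs are from documentation ranges.
RECORDS = [
    ("mint-nft-drop.example",    "192.0.2.10",   "2022-05-20"),
    ("free-claim-nft.example",   "192.0.2.10",   "2022-06-02"),
    ("nft-market-login.example", "192.0.2.10",   "2022-07-15"),
    ("nft-market-login.example", "198.51.100.7", "2022-09-01"),  # moved hosts
    ("worldcup-mint.example",    "198.51.100.7", "2022-11-11"),
    ("unrelated-blog.example",   "203.0.113.50", "2021-01-04"),
    ("airdrop-nft.example",      "203.0.113.50", "2022-10-10"),
]

# Assumption: IPs known to be shared hosting or CDN edges are never pivoted through.
SHARED_HOSTING = {"203.0.113.50"}

def build_index(records):
    """Index the records both ways: IP -> domains and domain -> IPs."""
    by_ip, by_domain = defaultdict(set), defaultdict(set)
    for domain, ip, _ in records:
        by_ip[ip].add(domain)
        by_domain[domain].add(ip)
    return by_ip, by_domain

def dense_ips(records, min_domains=3):
    """IPs hosting at least min_domains domains, excluding shared hosting."""
    by_ip, _ = build_index(records)
    return {ip: sorted(d) for ip, d in by_ip.items()
            if len(d) >= min_domains and ip not in SHARED_HOSTING}

def pivot(records, seed_domain):
    """Breadth-first walk of the domain/IP graph from one known-bad domain."""
    by_ip, by_domain = build_index(records)
    seen, queue = {seed_domain}, deque([seed_domain])
    while queue:
        domain = queue.popleft()
        for ip in by_domain[domain] - SHARED_HOSTING:
            for neighbour in by_ip[ip] - seen:
                seen.add(neighbour)
                queue.append(neighbour)
    return sorted(seen)

def earliest_seen(records, domains):
    """Earliest first-seen date (ISO strings sort chronologically)."""
    return min(seen for d, _, seen in records if d in domains)
```

Domains returned by `pivot` are leads for review, not verdicts: co-hosting alone does not prove a site is part of the campaign.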

Other phishing tactics used included recording visitor data and saving it to external sites as well as linking images to target projects.

After obtaining the visitor’s data, the hacker would run various attack scripts on the victim, which would give the hacker access to the victim’s access records, authorizations and use of plug-in wallets, as well as sensitive data such as the victim’s approve record and sigData.

All this information then gives the hacker access to the victim’s wallet, exposing all their digital assets.

However, SlowMist emphasized that this is just the ‘tip of the iceberg,’ as the analysis only looked at a small portion of the materials and extracted ‘some’ of the phishing characteristics of the North Korean hackers.

For example, SlowMist highlighted that a single phishing address was able to gain 1,055 NFTs and a profit of 300 ETH, worth $367,000, through its phishing tactics.

