North Korea Hacker Group Nets 300 ETH From Phishing 1k NFTs

Blockchain security company SlowMist said a North Korean APT hacker group was responsible for a massive crypto and NFT phishing campaign that netted the group approximately 300 ETH.

According to the report, SlowMist began its investigation into the group in September after Twitter user PhantomXsec noted that the group was behind phishing attacks on several Ethereum and Solana projects.

Analysis of several phishing sites linked to the group revealed that one of its primary tactics was to create fake NFT-related decoy sites offering malicious mints. The group has around 500 domain names that it uses for its phishing campaigns, some of which were registered as early as seven months ago.

Wallet affiliated with group steals 1,055 NFTs, nets 300 ETH

SlowMist revealed that a wallet linked to one of the group’s phishing websites received a total of 1,055 NFTs and made a profit of around 300 ETH through the sale. As per the report, the wallet was initially funded through Binance. The report states that the wallet interacted with a number of compromised addresses.

[Image: North Korea NFT hacker wallet. Source: SlowMist]

Additionally, many NFT phishing sites share the same host IP. There were 372 NFT sites under one IP and 320 phishing sites under another IP.

By examining the core code of the phishing sites, SlowMist found that the hackers targeted multiple tokens such as WETH, USDC, DAI, and UNI in the attack. The hackers usually focus on enticing users to perform token “approve” operations.

But they sometimes go a step further to induce victims to “sign ports and permits, as well as other authorized activities.” SlowMist also discovered a DeFi platform run by North Korean hackers.
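The approval-based technique described above works because a single signed `approve` or `setApprovalForAll` transaction hands a spender ongoing control over a user's tokens. The following Python example, added here as an editor's illustration and not code from SlowMist or the article, shows the kind of pre-signing check a wallet or browser extension can run on raw calldata: it decodes the standard ERC-20/ERC-721 approval selectors, detects unlimited allowances or blanket operator grants, and flags spenders that are not on a user-maintained allow-list. The selector values are the standard ones for these ERC functions; the allow-list address and all sample calldata are constructed for the demonstration.

```python
"""Flag risky token-approval calldata before a wallet signs it (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional

UINT256_MAX = 2**256 - 1

# Function selectors: first 4 bytes of keccak256 over the canonical signature.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",                       # ERC-20
    "39509351": "increaseAllowance(address,uint256)",             # ERC-20 (OpenZeppelin)
    "a22cb465": "setApprovalForAll(address,bool)",                # ERC-721 / ERC-1155
    "d505accf": "permit(address,address,uint256,uint256,uint8,bytes32,bytes32)",  # EIP-2612
}

# Hypothetical allow-list of spender contracts the user has vetted (constructed).
KNOWN_SPENDERS = {
    "0x1111111111111111111111111111111111111111": "trusted-dex-router (constructed)",
}


@dataclass
class ApprovalCheck:
    function: str
    spender: str
    amount: Optional[int]        # None for setApprovalForAll, which is boolean
    unlimited: bool              # True when the grant covers effectively everything
    spender_known: bool
    findings: List[str] = field(default_factory=list)


def _word(data: bytes, i: int) -> bytes:
    """Return the i-th 32-byte ABI argument word after the 4-byte selector."""
    start = 4 + 32 * i
    chunk = data[start:start + 32]
    if len(chunk) != 32:
        raise ValueError(f"calldata too short for argument {i}")
    return chunk


def _address(word: bytes) -> str:
    """Decode an ABI address word; the first 12 bytes must be zero padding."""
    if any(word[:12]):
        raise ValueError("address word has non-zero padding")
    return "0x" + word[12:].hex()


def encode_call(selector_hex: str, *args: int) -> str:
    """ABI-encode static arguments (addresses and integers given as ints) after a selector."""
    body = b"".join(a.to_bytes(32, "big") for a in args)
    return "0x" + selector_hex + body.hex()


def check_approval(calldata: str) -> Optional[ApprovalCheck]:
    """Decode an approval-type call and list why a user should think before signing."""
    data = bytes.fromhex(calldata[2:] if calldata.startswith("0x") else calldata)
    sig = SELECTORS.get(data[:4].hex())
    if sig is None:
        return None  # not an approval-type call; a different check applies

    if sig.startswith("setApprovalForAll("):
        spender = _address(_word(data, 0))
        amount = None
        # True grants the operator every token in the collection; False revokes.
        unlimited = int.from_bytes(_word(data, 1), "big") != 0
    elif sig.startswith("permit("):
        # permit(owner, spender, value, deadline, v, r, s): spender is argument 1.
        spender = _address(_word(data, 1))
        amount = int.from_bytes(_word(data, 2), "big")
        unlimited = amount >= 2**255  # heuristic: uint256 max and similar "infinite" values
    else:
        spender = _address(_word(data, 0))
        amount = int.from_bytes(_word(data, 1), "big")
        unlimited = amount >= 2**255

    known = spender in KNOWN_SPENDERS
    result = ApprovalCheck(sig, spender, amount, unlimited, known)
    if not known:
        result.findings.append(f"spender {spender} is not on the allow-list")
    if unlimited and amount is None:
        result.findings.append("grants operator control over every token in the collection")
    elif unlimited:
        result.findings.append("unlimited allowance: spender can drain the full balance")
    return result


if __name__ == "__main__":
    # Constructed calldata: unlimited ERC-20 approval to an unknown address.
    suspicious = "0x" + "ab" * 20
    for finding in check_approval(encode_call("095ea7b3", int(suspicious, 16), UINT256_MAX)).findings:
        print("WARNING:", finding)
```

Such a check only refuses to stay silent; it does not decide for the user. The more durable mitigation the example points at is the allow-list plus periodic review of existing approvals, since every grant that is not revoked remains exploitable long after the phishing site is gone.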

Meanwhile, the security firm also identified some form of collaboration between North Korean and Eastern European hackers.

North Korea and crypto hacks

South Korea’s spy agency said that North Korea-backed hackers have allegedly stolen more than $1 billion in crypto assets since 2017. As per the report, state-backed malicious players have stolen half that amount in 2022 alone.

The South Korean agency said that North Korea relies on crypto-hacking activities to fund its nuclear program and support its fragile economy.

Multiple reports have linked North Korean hacker groups such as Lazarus to the major hacks recorded in the industry this year. The group is reportedly responsible for the $100 million Harmony Bridge exploit and the over $600 million exploit of Axie Infinity’s Ronin Bridge.


BeInCrypto has reached out to the company or the person involved in the story for an official statement regarding the recent development, but has yet to hear back.
