"DPRK Hackers Steal NFTs Using Phishing Websites"

Hackers from the Democratic People's Republic of Korea (DPRK) created hundreds of phishing websites that imitate popular Non-Fungible Token (NFT) platforms and Decentralized Finance (DeFi) marketplaces. According to the blockchain security firm SlowMist, Advanced Persistent Threat (APT) groups from North Korea established fake NFT-related decoy websites with malicious mints, which were subsequently sold on platforms including OpenSea, X2Y2, and Rarible. A malicious mint is a dangerous practice in which consumers connect their cryptocurrency wallets to a recently purchased NFT, believing it to be authentic and granting access to their cash to threat actors. According to researchers, the North Korean threat actors' campaign consisted of approximately 500 domain names, revealing the scope of the state-sponsored endeavor to gain revenue through cybercrime. The first operational domain was registered in May 2022. Threat actors appear to have attempted to capitalize on the growing NFT popularity, showing how rapidly DPRK hackers adapt to new technologies. Researchers from SlowMist stated that attackers would also record who visited the fake websites they created and execute attack scripts against victims. The state-sponsored campaign provided threat actors with sensitive data, such as authorization and access records, allowing them to compromise cryptocurrency wallets. According to the team, the scheme was lucrative for cybercriminals. For instance, hackers stole 300 Ethereum tokens valued at over $367k from a single victim. This article continues to discuss DPRK hackers using NFT-related phishing websites to steal cryptocurrency.

Cybernews reports "DPRK Hackers Steal NFTs Using Phishing Websites"