North Korean state-sponsored threat actors find novel ways to steal cryptocurrency.
Hackers from the Democratic People’s Republic of Korea (DPRK) set up hundreds of phishing websites, impersonating popular non-fungible token (NFT) platforms and decentralized finance (DeFi) marketplaces.
According to blockchain security firm SlowMist, Advanced Persistent Threat (APT) groups from North Korea created fake NFT-related decoy websites with malicious mints, later selling the fakes on platforms such as OpenSea, X2Y2, and Rarible.
A ‘malicious mint’ is dangerous because users connect their crypto wallets to a recently purchased NFT, believing it is legitimate, and thereby give threat actors access to their funds.
Researchers claim that the campaign North Korean threat actors developed consisted of nearly 500 domain names, demonstrating the scale of the state-sponsored effort to obtain funds via cybercrime.
The earliest domain in operation was registered in May 2022. Threat actors likely tried to bank on the NFT craze, which shows how quickly DPRK hackers can adapt to new tech trends.
SlowMist researchers said the attackers also recorded who visited the fake websites they set up and ran attack scripts against victims. The state-sponsored scam provided threat actors with sensitive data, such as authorization and access records, enabling them to breach crypto wallets.
According to the report, the scam was highly profitable for hackers. For example, hackers made a profit of 300 Ethereum coins worth over $367k from a single victim.
North Korean hackers
North Korea employs cybercrime to finance its dictatorship, which runs a country mostly closed off from the outside world.
Researchers at SlowMist don’t specify the exact group behind the attack. Lazarus Group is a financially motivated, state-sponsored DPRK threat actor.
According to Chainalysis, North Korea launched at least seven attacks on cryptocurrency platforms that extracted nearly $400m worth of digital assets last year. This year, researchers claim, North Korea-linked groups have stolen close to $1b worth of crypto from various DeFi protocols.
A United Nations panel of experts monitoring sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs as a way to circumvent sanctions.