© 2023 CyberNews - Latest tech news,
product reviews, and analyses.


DPRK hackers steal NFTs using phishing websites


North Korean state-sponsored threat actors find novel ways to steal cryptocurrency.

Hackers from the Democratic People’s Republic of Korea (DPRK) set up hundreds of phishing websites, impersonating popular non-fungible token (NFT) platforms and decentralized finance (DeFi) marketplaces.

According to blockchain security firm SlowMist, Advanced Persistent Threat (APT) groups from North Korea created fake NFT-related decoy websites with malicious mints, later selling the fakes on platforms such as OpenSea, X2Y2, and Rarible.

A ‘malicious mint’ is dangerous because users connect their crypto wallets to a recently purchased NFT, believing it to be legitimate, and thereby give threat actors access to their funds.

Researchers claim that the campaign North Korean threat actors developed consisted of nearly 500 domain names, demonstrating the scale of the state-sponsored effort to obtain funds via cybercrime.

The earliest domain in operation was registered in May 2022. Threat actors likely tried to bank on the NFT craze, which shows how quickly DPRK hackers can adapt to new tech trends.

SlowMist researchers said attackers would also record who visited the fake websites they set up and run attack scripts against victims. The state-sponsored scam provided threat actors with sensitive data, such as authorization and access records, enabling them to breach crypto wallets.

According to the report, the scam was highly profitable for hackers. For example, hackers made a profit of 300 Ethereum coins worth over $367k from a single victim.

North Korean hackers

North Korea employs cybercrime to finance its dictatorship, which runs a country mostly closed off from the outside world.

While researchers at SlowMist don’t specify the exact group behind the attack, Lazarus Group is a financially motivated state-sponsored DPRK threat actor.

According to Chainalysis, North Korea launched at least seven attacks on cryptocurrency platforms that extracted nearly $400m worth of digital assets last year. This year, researchers claim, North Korea-linked groups have stolen close to $1b worth of crypto from various DeFi protocols.

According to the FBI, DPRK hackers were behind the Ronin hack. Meanwhile, researchers believe that Lazarus Group was behind the $100m hack of another crypto exchange, Harmony.

A United Nations panel of experts monitoring sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs, circumventing sanctions.

