An extensive phishing campaign run by hackers linked to the North Korea-based Lazarus group led to the theft of 1,055 NFTs, according to experts SlowMist.
Attackers created around 500 domains, posing as well-known marketplaces OpenSea, X2Y2 and Rarible, as well as a site dedicated to the World Cup. On these sites, users were offered a fake token mint, which in fact gave scammers access to the victim’s wallet.
The second scheme involved storing visitor data on external sites for subsequent attacks on connected wallets and the confidential information provided.
All phishing sites operated from two IP addresses.
According to SlowMist, the campaign began about seven months ago and continues to this day. The total damage from the attacks is unknown, but only one of the phishing addresses received 1,055 NFTs valued at 300 ETH ($367,000 at the time of the token sale).
Experts stressed that the real scale of NFT thefts could be higher, as they studied “only a small portion of materials” related to the North Korean hackers’ activity.
According to data from the National Intelligence Service of South Korea, North Korea alone stole cryptocurrencies worth $620 million in 2022.
Earlier in December, crypto investment firms were targeted by unidentified attackers through Telegram groups, used to communicate with the firms’ VIP clients. Security researchers linked these attacks to Lazarus.
Read ForkLog’s Bitcoin news on our Telegram — cryptocurrency news, prices and analysis.