Hackers associated with the North Korean Lazarus Group are carrying out massive phishing attacks that allegedly target NFT investors. They are said to have used almost 500 phishing domains to scam victims.
A December 24 report from blockchain security company SlowMist shows that North Korean Advanced Persistent Threat (APT) groups are using fake websites disguised as NFT-related platforms and projects to separate NFT investors from their NFTs.
Fake websites include a site claiming to be associated with the World Cup, a site pretending to be OpenSea, and sites faking popular NFT marketplaces like X2Y2 and Rarible.
According to SlowMist, “malicious NFT prints” are widely used on these fake websites. Victims link their wallets to the website, thinking that an NFT will indeed be printed.
But these NFTs are actually fake and the hacker gains access to the victim’s wallet.
The report also revealed that most of the phishing sites operate under the same IP address. 372 of the NFT phishing sites operate under a single IP, while the remaining 320 NFT phishing sites operate under another IP.
Phishing site example. Source: SlowMist
The report found that the earliest registered IP address dates back seven months.