North Korean hackers linked to cybercrime group ‘Lazarus Group’ are behind a massive phishing campaign targeting non-fungible token (NFT) investors, using around 500 phishing domains to dupe victims, a new report said. The strategies used by the North Korean Advanced Persistent Threat (APT) groups to distract NFT investors from their NFTs, such as the use of fake websites that appear to be various NFT-related platforms and projects, Cointelegraph quoted the report as saying.
These fake websites included one that presented itself as a World Cup project and others that impersonated popular NFT marketplaces like OpenSea, X2Y2 and Rarible.
The use of “malicious Mints” which tricked the victims into thinking they are minting a real NFT by connecting their wallet to the website, was one of the strategies implemented.
ALSO READ: RobotEra, IMPT, Cocky: Top 2022 NFT Collections You Can Check Out
The report also showed that a large number of phishing websites shared the same Internet Protocol (IP), with 372 NFT phishing websites sharing a single IP and another 320 NFT phishing websites using a different IP.
Other phishing techniques used included saving visitor data to external websites and recording it, as well as attaching photos to the projects that were being targeted.
ALSO READ: Cristiano Ronaldo Launches NFT Collection On Binance: All You Need to Know
One phishing address alone was able to get 1,055 NFTs and profit 300 Ethereum (ETH), worth $367,000, through its phishing tactics, the report said.
Disclaimer: Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Cryptocurrency is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Cryptocurrency market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.