North Korean hackers created over 500 phishing domains to steal NFTs

SlowMist, a blockchain security company, has published a report in which it presented data on phishing attacks on cryptocurrency wallets over the past few months. North Korean hacker group Lazarus targeted non-fungible token (NFT) investors' wallets – attackers used more than 500 phishing addresses to steal digital assets, according to report. In addition, the experts found sites masquerading as popular NFT platforms such as OpenSea, Rarible and X2Y2, as well as sites related to the World Cup. One of the favorite tactics of hackers was the creation of sites that allegedly allow the user to issue their own token.. When a user connects his wallet to the site, the data immediately gets to the scammers. The experts noted that 372 phishing sites operated under the same IP, and another 320 were associated with a different IP. SlowMist reported that such attacks have been going on for more than half a year – the earliest registered domain name appeared seven months ago. One website managed to steal over 1,000 NFTs and 300 ETHs worth over $367,000. In addition, hackers used fake sites to collect user data, which they then used to attack crypto wallets on their own. Experts noted that their report presents a superficial view of the problem and in reality, hackers have many other tactics.. Earlier, South Korean intelligence published data for 2022, according to which North Korean hacker groups stole more than $620 million worth of cryptocurrencies, and $1.2 billion worth of assets have been stolen since 2017.