Phishing Campaign with Ties to North Korea Targets NFT Users
- Security experts in South Korea claim North Korea backs hackers as it tries to raise more funds following sanctions on its economy.
- Hackers have looted more than $1 billion from crypto projects in 2022 alone.
Crypto analysts and researchers have discovered a phishing campaign by hackers with ties to North Korea that preys on NFT users buying tokens on popular marketplaces like OpenSea, X2Y2, and Rarible. According to the findings, users purchase supposedly legitimate NFTs on these platforms and are redirected to scam sites to complete the minting process.
However, these websites tried to collect vital data from the minting process, including IP addresses and authorizations. Users were allegedly tricked into performing authorizing actions, such as sending their Seaport signature, which is required to confirm NFT contracts created on OpenSea.
The scam campaign has allegedly been going on for some months. Researchers claim that there are over 500 domains operating these kinds of “malicious mints”. The early domains were reportedly created earlier this year. Additionally, the bulk of these domains shared the same IP address and earned the hackers a profit of $366,000.
Hackers have devised various schemes this year, and some of the biggest hacks on crypto platforms have been traced to North Korea. South Korea’s main intelligence service noted that cybercriminals with ties to North Korea have robbed about $1.2 billion in the past five years.
North Korea is said to have turned to cybercrime as a means of generating income following U.N. sanctions imposed in 2016 and 2017 as a result of the country’s nuclear program. North Korea has been unable to profit from its resources and seems to have backed hackers to bring in extra income.