North Korean hackers have made over 300 ETH in profits after targeting NFT fans through phishing attacks. That is according to SlowMist, a blockchain security company that has been investigating the group since September. The malicious group, dubbed “APT Hacker Group,” is believed to be state-sponsored. It has amassed over $1 billion in illegal proceeds since 2017, with over half of that amount coming this year.
Their latest scam targeted NFT fans interacting with projects on various blockchains. The group would create decoy NFT-related websites that exposed users to malicious mints. This served as their primary tactic, according to SlowMist. To cast its net wide, the group used nearly 500 domain names for its phishing campaigns. As SlowMist would find out, some of these domains were registered over seven months ago.
As mentioned earlier, SlowMist began investigating this hacker group back in September. All it took was a tweet from PhantomXSec. The user revealed the group was behind multiple attacks on Ethereum and Solana-based projects.
Wallet Linked To North Korean Hackers Stole Over 1000 NFTs
SlowMist discovered that one of the wallets linked to the hackers had received over 1055 NFTs. Selling them netted the group over 300 ETH in profits. Upon further digging, SlowMist discovered that this particular wallet was initially funded through Binance and went on to interact with several risky addresses.
Interestingly, most of the phishing sites shared the same host IP address. For example, one IP address hosted 372 phishing sites and another hosted 320.
The attacks focused on luring NFT holders into performing “Approve” operations. At times, however, the attackers would also get victims to “perform Seaport and Permit signatures, as well as other authorizing activities.”
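As an added illustration (not taken from SlowMist's report or from this article), the Python sketch below shows how a wallet-side check could flag the authorization requests described above before a user signs them. The function name, the allowlist parameter and the sample request are assumptions constructed for the example.

```python
import json

# Well-known 4-byte selectors for token authorization calls.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
# EIP-712 primary types that hand over spending or listing rights off-chain.
RISKY_TYPES = {"Permit": "EIP-2612 permit", "OrderComponents": "Seaport order"}

def classify_request(req, allowlist=frozenset()):
    """Return findings for one wallet JSON-RPC request (hypothetical helper)."""
    findings = []
    method, params = req.get("method"), req.get("params", [])
    if method == "eth_sendTransaction" and params:
        data = params[0].get("data", "0x")[2:].lower()
        name = SELECTORS.get(data[:8])
        if name and len(data) >= 8 + 128:
            grantee = "0x" + data[8 + 24 : 8 + 64]   # first argument: address
            value = int(data[8 + 64 : 8 + 128], 16)  # second argument
            if name.startswith("setApprovalForAll") and value == 0:
                return findings                      # revocation, not a grant
            if grantee not in allowlist:
                findings.append(f"{name} grants rights to {grantee}")
    elif method in ("eth_signTypedData_v3", "eth_signTypedData_v4") and len(params) > 1:
        typed = params[1]
        typed = json.loads(typed) if isinstance(typed, str) else typed
        label = RISKY_TYPES.get(typed.get("primaryType"))
        if label:
            site = typed.get("domain", {}).get("name")
            findings.append(f"{label} signature requested by {site}")
    return findings

# Constructed sample: setApprovalForAll(operator, true) with a made-up operator.
SAMPLE_OPERATOR = "0x" + "ab" * 20
SAMPLE_APPROVAL = {
    "method": "eth_sendTransaction",
    "params": [{"to": "0x" + "11" * 20,
                "data": "0xa22cb465" + "0" * 24 + "ab" * 20 + "0" * 63 + "1"}],
}

if __name__ == "__main__":
    for finding in classify_request(SAMPLE_APPROVAL):
        print("WARNING:", finding)
```

Passing the contracts a user already trusts as `allowlist` keeps the check quiet for routine marketplace approvals while still surfacing grants to unknown operators.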
SlowMist also discovered a DeFi platform run by the hacker group, along with a few ties to Eastern European hackers.