North Korean APT Hacker Group Steals 300 ETH and Over 1,000 NFTs in Phishing Attacks


Blockchain security company SlowMist said a North Korean hacker group was responsible for large-scale crypto and NFT phishing attacks that netted the group roughly 300 ETH.

According to the report, SlowMist began its investigation of the group in September after Twitter user PhantomXSec mentioned that the group was behind phishing attacks on multiple Ethereum projects.

SlowMist's analysis of several phishing sites related to the group showed that one of its main tactics was to create fake NFT-related lure sites with malicious spears. The group uses nearly 500 domain names for its phishing campaigns, including some that were registered more than seven months ago.

Wallet Linked to the Group Stole 1055 NFTs, Netted 300 ETH

SlowMist revealed that a wallet linked to one of the group's phishing websites received a total of 1,055 NFTs and made a profit of approximately 300 ETH through sales. The report states that the wallet was originally funded by Binance. The report added that the wallet has interacted with multiple at-risk addresses.

Source: SlowMist

Additionally, several of the NFT phishing sites share the same host IP. There were 372 NFT sites on a single IP address and 320 other phishing sites on another IP address.

Looking at the core code of the phishing sites, SlowMist found that the hackers used multiple tokens, such as WETH, USDC, and UNI, for the attack. The hackers typically concentrate on luring users into performing "approval" operations.

But they sometimes go a little further to encourage victims to "execute Seaport and permit signatures, as well as other clearance activities." SlowMist also discovered a platform run by the North Korean hackers 
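For defenders, the "approval" operations described above can be recognised from transaction calldata before a wallet signs. The following is an added example, not code from the SlowMist report: it decodes the standard `approve` and `setApprovalForAll` calls and flags broad grants to spenders outside an allowlist. The function names, the allowlist, the `UNLIMITED` threshold and all sample data are assumptions made for illustration, and off-chain Seaport and permit signatures are not covered.

```python
from __future__ import annotations

APPROVE = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
UNLIMITED = 1 << 255               # assumed heuristic for "effectively unlimited"


def _word(data: str, index: int) -> str:
    """Return the index-th 32-byte ABI argument (as hex) after the selector."""
    word = data[8 + 64 * index: 8 + 64 * (index + 1)]
    if len(word) != 64:
        raise ValueError("calldata too short for an approval call")
    return word


def classify_approval(calldata: str, trusted_spenders: set[str]) -> dict | None:
    """Decode approval calldata; None means the call is not an approval.
    trusted_spenders holds lowercase 0x-prefixed addresses."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    selector = data[:8]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return None
    spender = "0x" + _word(data, 0)[24:]  # address is the low 20 bytes
    value = int(_word(data, 1), 16)
    if selector == APPROVE:
        # ERC-20 allowance; ERC-721 approve shares this selector (value = tokenId)
        kind, broad = "approve", value >= UNLIMITED
    else:
        kind, broad = "setApprovalForAll", value != 0  # true = whole collection
    return {"kind": kind, "spender": spender, "broad": broad,
            "alert": broad and spender not in trusted_spenders}


# Constructed sample data: not real addresses or transactions.
UNKNOWN = "0x" + "11" * 20
MARKETPLACE = "0x" + "22" * 20
PAD = "00" * 12
SAMPLES = {
    "unlimited approve": "0x" + APPROVE + PAD + "11" * 20 + "ff" * 32,
    "collection-wide": "0x" + SET_APPROVAL_FOR_ALL + PAD + "11" * 20 + "00" * 31 + "01",
    "trusted operator": "0x" + SET_APPROVAL_FOR_ALL + PAD + "22" * 20 + "00" * 31 + "01",
    "revoke": "0x" + APPROVE + PAD + "11" * 20 + "00" * 32,
    "plain transfer": "0xa9059cbb" + PAD + "11" * 20 + "00" * 31 + "01",
}

if __name__ == "__main__":
    for name, calldata in SAMPLES.items():
        print(name, classify_approval(calldata, {MARKETPLACE}))
```

A zero-value `approve` is a revocation and is deliberately not flagged.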

Meanwhile, the security firm also identified some form of collaboration between North Korean and Eastern European hackers.

North Korea with crypto-piracy.

South Korea’s spy agency said North Korea-backed hackers have reportedly stolen over $1 billion worth of crypto assets since 2017. According to the report, the government-backed hackers stole half of the money in 2022 alone.

The South Korean agency has stated that North Korea depends on crypto-piracy activities for its nuclear program and also to support its fragile economy.

A number of reports have linked groups of North Korean hackers such as Lazarus to major exploits registered in the industry this year. The group is reportedly responsible for the $100 million Harmony bridge exploit and the over $600 million exploit of Axie Infinity’s Ronin bridge.