A wallet address associated with a suspected North Korean APT Group stole more than 1,000 NFTs from victims of phishing attacks and made 300 ETH ($365,000) from their sale, according to a report by blockchain security firm SlowMist.
APT stands for advanced persistent threat, a term for cyber criminals who gain access to networks and can remain undetected for long periods in order to steal data. These groups use various attack vectors such as phishing, and a few of them are reportedly sponsored by the North Korean government.
The SlowMist report said that North Korean APT Groups have been leading a massive NFT phishing campaign. Phishing is an attack method in which hackers pretend to be reputable organizations in order to trick victims into revealing sensitive information. In the NFT space, such attacks are adapted so that hackers pose as known NFT projects or marketplaces to deceive victims into signing malicious transactions, which can lead to the loss of valuable NFTs from their wallets.
“The North Korean APT group targeted Crypto and NFT users with a phishing campaign using nearly 500 different domain names,” the report said. SlowMist identified one wallet address associated with the group that had stolen 1,055 NFTs. The wallet sold the items for 300 ETH ($365,000).
Several “blue chip” NFTs have been stolen in multiple phishing attacks this year. Hackers stole 29 Moonbirds in May, valued at $1.5 million at the time. Before that, 35 NFTs including Bored Apes were stolen in phishing attacks within a one-week spell in March.
The coordinated phishing attacks on NFT holders by North Korean hackers are part of a larger trend. Cybercrime syndicates reportedly sponsored by Pyongyang have also been targeting crypto exchanges and other cryptocurrency-related businesses. These groups have been linked with several large-scale crypto exchange platform hacks.
The UN reported in 2019 that North Korean crypto hackers had stolen as much as $2 billion. The funds were reportedly being used to further the country’s nuclear program. The U.S. government has since sanctioned Tornado Cash, a crypto mixer that was reportedly being used by these hackers to funnel their stolen funds.
U.S. officials also continue to warn that North Korean hackers have not eased up in their crypto assault. The Department of Justice in May reported that North Korean IT workers were getting tech and crypto jobs online.
© 2023 The Block. All Rights Reserved.