Suspected North Korean hacker made $365,000 from 1,055 stolen NFTs: Report

Metaverse & NFT • December 24, 2022, 12:23PM EST
The Block

Quick Take

  • A crypto wallet linked to North Korean APT Group stole 1,055 NFTs from victims this year.
  • This wallet reportedly made a $365,000 by selling the stolen NFTs.

A wallet address associated with a suspected North Korean APT Group stole more than 1,000 NFTs from victims of phishing attacks and made 300 ETH ($365,000) from their sale, according to a report by blockchain security firm SlowMist.

APT stands for advanced persistent threat, cyber criminals who access internet networks and can remain undetected for long periods to steal data. These entities use various attack vectors such as phishing, and a few of them are reportedly sponsored by the North Korean government.

The SlowMist report said that North Korean APT Groups have been leading a massive NFT phishing campaign. Phishing is an attack method used by hackers in which they pretend to be reputable organizations in order to trick victims into revealing sensitive information. In the NFT space, such attacks can be modified with hackers posing as known NFT projects or marketplaces to deceive victims into signing malicious transactions that can lead to losing valuable NFTs from their wallets.

“The North Korean APT group targeted Crypto and NFT users with a phishing campaign using nearly 500 different domain names,” the report said. SlowMist identified one wallet address associated with the group that had stolen 1,055 NFTs. The wallet sold the items for 300 ETH ($365,000).

Several “blue chip” NFTs have been stolen in multiple phishing attacks this year. Hackers stole 29 Moonbirds in May, valued at $1.5 million at the time. Before that, 35 NFTs including Bored Apes were stolen in phishing attacks within a one-week spell in March.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Crypto goldmine

The coordinated phishing attacks on NFT holders by North Korean hackers are part of a larger trend. Cybercrime syndicates reportedly sponsored by Pyongyang have also been targeting crypto exchanges and other cryptocurrency-related businesses. These groups have been linked with several large-scale crypto exchange platform hacks.

The UN reported in 2019 that North Korean crypto hackers had stolen as much as $2 billion. The funds were reportedly being used to further the country’s nuclear program. The U.S. government has since sanctioned Tornado Cash, a crypto mixer that was reportedly being used by these hackers to funnel their stolen funds.

U.S. officials also continue to warn that North Korean hackers have not eased up in their crypto assault. The Department of Justice in May reported that North Korean IT workers were getting tech and crypto jobs online.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Osato is a news reporter at The Block as part of the crypto ecosystems team that focuses on DAO governance, staking, blockchain layers, and DeFi. He was previously a news reporter at Cointelegraph. Based in Lagos, Nigeria, he enjoys crosswords, poker, and attempting to beat his Scrabble high score. Follow him on Twitter at @OsatoNomayo.

Editor

To contact the editor of this story:
Mike Millard at
[email protected]

More by Osato Avan-Nomayo