North Korean attackers are stealing thousands of dollars worth of digital assets by posing as well-known non-fungible token platforms and decentralized finance markets on phishing websites.
According to media sources, the attackers set up around 500 fake sites, including NFT marketplaces OpenSea, X2Y2, and Raible, and a project related to the World Cup. By stealing 1,055 NFTs using just one of those phishing addresses, they netted $365,000. The total dollar amount of the stolen property was not disclosed.
The majority of crypto-related robberies this year have been led by advanced persistent threat groups in the country. According to media sources, organizations linked to North Korea have stolen more than $1 billion in cryptocurrency through DeFi protocols this year, including $600 million from the Ronin network.
Methods Of Attack
In some cases, attackers created fake NFT-related websites with malicious mints to trick victims. In an attempt to create NFTs, users linked their wallets to spoofed websites, but instead left their wallets open to attack, giving the attacker full access to their assets.
The attackers also kept track of visitor information and used it to launch different attack scripts against the victim. This gave the hackers access to the victim’s consent records and big data as well as sensitive information such as their access logs, authorizations, and plug-in wallet usage. According to Media Sources, “all this data then gives the hacker access to the victim’s wallet, leaving all of their digital valuables exposed.”
The antagonists mostly operated under two IP addresses, one of which hosted 372 NFT phishing websites and the other 320.
What Is NFT?
A non-fungible token (NFT) is a type of digital asset that is stored on a blockchain and represents ownership of a unique item. NFTs are unique because they cannot be exchanged for other assets on a one-to-one basis, like how a dollar can be exchanged for a euro. This is in contrast to cryptocurrencies such as Bitcoin, which are interchangeable and can be used to represent any value.
NFTs are often used to represent ownership of digital items such as art, collectibles, and even virtual real estate. They can also be used to describe physical items, such as concert tickets or limited edition physical artworks.
NFTs have gained significant attention in recent years due to the emergence of the NFT art market, where digital artworks have sold for millions of dollars. However, NFTs have potential applications beyond the art world and could be used to represent a wide range of unique assets.
What Is a Phishing Website?
Phishing is a type of online scam in which attackers attempt to trick individuals into divulging sensitive information, such as passwords or credit card numbers, by pretending to be a legitimate entity. One common tactic used in phishing attacks is the creation of fake websites, also known as phishing websites.
Phishing websites are designed to look like legitimate websites but are actually designed to steal sensitive information from unsuspecting users. These websites may be designed to mimic the login pages of popular websites, such as online banking or social media platforms, in an attempt to convince users to enter their login credentials. Alternatively, they may be designed to mimic legitimate websites in order to convince users to enter their personal information or credit card details.
Some tips for staying safe include:
.Check for secure connections (HTTPS) and look for any red flags, such as spelling errors or mismatched logos.
Do not click on links in emails or messages from unknown sources. If you receive an email or message from a company or organization that you do business with, do not click on any links contained within it.
Use anti-phishing software or extensions, which can help to block phishing websites and alert you to potential threats.
Be wary of requests for personal information, such as passwords or credit card numbers. Legitimate organizations will not ask for this information via email or phone.
How hackers stole NFTs
There are several ways that hackers could potentially steal non-fungible tokens (NFTs).
Some potential methods include:
1. Gaining unauthorized access to a user’s cryptocurrency wallet
If a hacker is able to obtain the login credentials for a user’s cryptocurrency wallet, they may be able to transfer the user’s NFTs to their own wallet without the user’s knowledge.
2. Exploiting vulnerabilities in NFT platforms
If an NFT platform has vulnerabilities, a hacker may be able to exploit them in order to gain access to user accounts and steal NFTs.
3. Phishing attacks
Hackers may use phishing techniques, such as creating fake websites or sending fake emails, in an attempt to trick users into revealing their login credentials or other sensitive information. This information could then be used to access the user’s NFTs.
4. Social engineering
Hackers may use social engineering techniques, such as pretexting or impersonation, in an attempt to obtain sensitive information or gain access to NFTs.
How to protect NFT from being hacked
Here are some steps that individuals can take to protect their non-fungible tokens (NFTs) from being stolen:
1. Use strong and unique passwords
Make sure to use strong, unique passwords for all of your accounts, including your cryptocurrency wallet and any platforms where you buy or sell NFTs.
2. Enable two-factor authentication
Two-factor authentication (2FA) adds an extra layer of security by requiring you to enter a code sent to your phone or email in addition to your password when logging in. This helps to prevent unauthorized access to your accounts.
3. Update your software
Maintain the latest security patches on your operating system, web browser, and other software. Doing so can prevent attackers from using known vulnerabilities.
4. Be cautious when clicking on links
Be careful when clicking on links, especially in emails or messages from unknown sources. These links may contain malware or lead to fake websites designed to steal your information.
5. Only purchase NFTs from reputable sources
Be sure to research the seller and the NFTs that you are interested in purchasing to ensure that they are legitimate. Avoid buying from unknown or untrustworthy sellers.