North Korean attackers are using phishing websites to impersonate popular non-fungible token platforms and decentralized finance marketplaces to steal digital assets worth thousands of dollars.
The attackers set up nearly 500 decoy sites, including that of a project associated with the World Cup, and NFT marketplaces OpenSea, X2Y2 and Rarible, blockchain security firm SlowMist says. They made off with $365,000 by stealing 1,055 NFTs with just one of those phishing addresses, it says. It did not specify the total value of the stolen assets.
The phishing campaign, active for at least seven months now, is only “the tip of the iceberg,” the company says.
The country’s advanced persistent threat groups have been on the forefront of cryptocurrency-related heists this year. In September, blockchain analysis company Chainalysis estimated that North Korea-linked groups stole about $1 billion of cryptocurrency from DeFi protocols this year, including $600 million from the Ronin Network.