North Korea Hackers Steal NFTs Using Hundreds Of Fake Marketplaces

North Korean hackers have stolen non-fungible tokens (NFT) worth thousands of dollars by creating decoy NFT-related websites using around 500 different domain names, a security firm reported.

In a report released Saturday, blockchain security company SlowMist said that the hackers made decoy websites with malicious Mints, making NFT owners think they were minting legitimate NFTs and connecting the victims' wallets to the websites.

The websites pretended to be associated with well-known NFT marketplaces such as OpenSea, X2Y2, Rarible and even the World Cup, according to the report.

The hackers also recorded visitor data and saved it to external sites before proceeding to run various attack scripts on the victims, allowing them to access the victims' access records, authorizations and use of plug-in wallets, among others.

The report also noted that the phishing websites operated under the same Internet Protocol (IP), with 372 NFT phishing websites in a single IP and another 320 NFT phishing websites associated with another IP.

Approximately 1,055 NFTs worth 300 Ethereum or $366,000 were taken from the owners.

"SlowMist advises users to strengthen their understanding of security knowledge and further enhance their ability to identify phishing attacks in order to avoid falling victim to such attacks," the firm wrote.

Earlier, South Korea's National Intelligence Service (NIS) found that hackers sponsored by North Korea have already stolen an estimated $1.2 billion in cryptocurrencies around the world since 2017, according to a report by the Associated Press.

About half of the total amount of $626 million was stolen in 2022 alone, NIS reported.

The agency added that North Korean hackers are expected to conduct more cyberattacks in 2023 to steal South Korean technologies and confidential information.

According to sources talking to AP, North Korea has turned to crypto hacking and other illegal cyber activities to support its economy and fund its nuclear program following the UN sanctions and the COVID-19 pandemic.

Meanwhile, senior diplomats from the United States, South Korea and Japan have already agreed to increase their efforts to curb illegal North Korean cyber activities.