North Korean Hackers Target NFT Holders in Phishing Attacks, Steal Ether and Over 1,000 NFTs

A group linked to North Korea has been reportedly targeting NFT holders, using over 500 phishing websites to steal assets.

North Korean Hackers Behind Attempted DeBridge Attack

Hackers connected to the infamous North Korea Lazarus Group have reportedly been carrying out massive phishing campaigns targeting non-fungible tokens (NFT) investors. This has led to the theft of over 1,000 NFTs and Ether.

North Korean Hackers Target NFT Holders

SlowMist, a blockchain security company, began investigating the North Korean Advanced Persistent Threat (APT) group in September. This came after a Twitter user identified as PhantomXSec mentioned that they were behind phishing attacks on multiple Ethereum and Solana NFT projects.


The investigation showed that the group had nearly 500 domain names used for phishing campaigns, some of which were registered over seven months ago. 

According to  SlowMist’s report, a wallet linked to one of the phishing websites received 1,055 NFTs and made a profit of approximately 300 ETH through sales.

The Growing Threat of North Korea

North Korea is becoming a major threat to the crypto industry. The reclusive state backs cybercriminals to loot funds to cope with harsh UN sanctions and support its frail economy.

According to the report, these APT-liked websites acted as NFT-related platforms tricking victims into believing they were minting a legitimate NFT by connecting their wallet to the website. This left investors with fake NFTs and unprotected wallets.

On the Flipside

  • SlowMist also identified some form of collaboration between North Korean and Eastern Europe hackers, as the wallet linked with the NFT hacks interacted with several risky addresses in the region.

Why You Should Care

The investigation also demonstrates the increased threat from North Korea, which we reported had stolen over $1.2 billion worth of crypto assets since 2017.

The recent report on North Korea’s hacks is covered in;

North Korean Hackers Have Stolen $1.2 Billion in Crypto Funds Since 2017, Says South Korea

You can also read about one of their earlier targets in:

North Korean Hackers Aim Their Crypto Attacks at DeFi

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Milko Trajcevski

Milko Trajcevski is a DailyCoin news reporter, mainly focused on Ethereum (ETH), Cardano (ADA), and their founders (Vitalik Buterin and Charles Hoskinson). Milko is an avid follower of crypto and blockchain technology and has written thousands of articles on the subjects. He finds joy in transforming complex issues into written content that anyone can understand. Milko has used and analyzed numerous exchanges, such as Coinbase, FTX, and Binance. He also closely follows all of the latest news around the largest decentralized exchanges (DEXs). Location: Skopje, Macedonia