Bitcoin btc
$ usd

North Korean APT Hacker Group Steals 300 ETH and Over 1,000 NFTs in Phishing Attacks

2 mins
Updated by Paolo Besabella
Join our Trading Community on Telegram

In Brief

  • SlowMist said a North Korean hacker group is involved a large-scale NFT phishing campaign.
  • The group stole over 1,000 NFTs, and gained approximately 300 ETH.
  • North Korea-linked hackers have reportedly stolen over $1 billion worth of crypto assets in the last five years.
  • promo

Blockchain security company SlowMist said the North Korean APT hacker group was responsible for large-scale crypto and NFT phishing attacks that net the group roughly 300 ETH.

According to the report, the SlowMist began its investigations of the group in September after Twitter user PhantomXSec mentioned that the group was behind phishing attacks on multiple Ethereum and Solana projects.

SlowMist’s analysis of several phishing sites linked to the group showed that one of its primary tactics was to create fake NFT-related decoy sites with malicious mints. The group has almost 500 domain names that it uses for its phishing campaigns, some of which were registered over seven months ago.

Wallet Linked to the Group Stole 1055 NFTs, Net 300 ETH

SlowMist revealed that a wallet linked to one of the phishing websites of the group received a total of 1,055 NFTs and made a profit of approximately 300 ETH through sales. According to the report, the wallet was initially funded through Binance. The report added that the wallet interacted with several risky addresses.

North Korea NFT Hacker Wallet
Source: SlowMist

Additionally, several of the NFT phishing sites share the same host IP. There were 372 NFT sites under a single IP and another 320 phishing sites under another IP.

By examining the core code of the phishing sites, SlowMist discovered that the hackers used several tokens, such as WETH, USDC, DAI, and UNI, for the attack. The hackers usually focus on luring users to perform “Approve” operations.

But they sometimes go a step further to induce victims to “perform Seaport and Permit signatures, as well as other authorizing activities.” SlowMist also discovered a DeFi platform run by the North Korean hackers 

Meanwhile, the security firm also identified some form of collaboration between North Korean and Eastern Europe hackers.

North Korea and Crypto Hacks

South Korea’s spy agency said North Korea-backed hackers have reportedly stolen over $1 billion worth of crypto assets since 2017. According to the report, the state-backed malicious players stole half of the amount in 2022 alone.

The South Korean agency said North Korea depends on crypto-hacking activities to fund its nuclear program and also to support its fragile economy.

Several reports have linked North Korean hacker groups like Lazarus to major hacks recorded in the industry this year. The group is reportedly responsible for the $100 million Harmony bridge exploit and the over $600 million exploit of Axie Infinitie’s Ronin bridge.


In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.

Oluwapelumi Adejumo
Oluwapelumi believes Bitcoin and blockchain technology have the potential to change the world for the better. He is an avid reader and began writing about crypto in 2020.