Recently, SlowMist published a report stating that hackers from the North Korea-backed Lazarus Group have been targeting investors through fake domain name campaigns to steal NFTs, ETH, and SOL tokens.
PhantomXsec first reported on 196 domains being used to list NFT collections from marketplaces like OpenSea. The listings lure collectors in and make them believe they are minting on the actual platforms, which lets the attackers gain access to their wallets.
As a result, SlowMist, a security firm, began investigating the case and discovered that this domain name campaign ran deeper than it seemed. The North Korean APT group has set up 500 domain names, with 375 phishing websites on one IP address and 320 on another, to hunt crypto and NFT owners. The campaign has continued for 7 months now.
“The hacker records visitors’ information to an external domain through an HTTP GET request,” the report added.
The hackers used statistical data about users to target them. Some host addresses were revealed to have “victim’s access records, authorizations, and uses of plug-in wallets.”
Lazarus Group remains the most dangerous bunch of hackers in the Web3 space as it continues to target investors, traders, and collectors. Previously, it stole $625M worth of digital tokens from the Ronin network, violating US sanctions.