Researchers have unearthed a new phishing campaign in which North Korea-linked hackers target NFT users purchasing tokens on platforms such as OpenSea, X2Y2, and Rarible. Users would first purchase legitimate-looking NFTs on these websites, and these NFTs would then direct the buyer to fraudulent NFT-related websites to complete the minting process.

However, as per a report from blockchain security company SlowMist, these websites used the minting process to try to extract valuable data from visitors, including their IP addresses, authorizations, and use of plug-in wallets. This reportedly involved duping users into performing authorization actions, such as sending their Seaport signature, a type of digital signature used to verify NFT contracts made on OpenSea. OpenSea, X2Y2, and Rarible did not immediately respond to Decrypt’s request for comment.

The researchers found over 500 domains in total running these types of “malicious mints,” and the campaign has reportedly been ongoing for several months, with the first domain appearing to have been created over seven months ago. The vast majority of these domains were said to have used the same IP address.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.