North Korea-linked NFT phishing campaign targeting OpenSea, X2Y2 and Rarible users
Researchers have uncovered a new phishing campaign involving North Korea-linked hackers targeting NFT users buying tokens on platforms like OpenSea, X2Y2, and Rarible.
Users would first purchase legitimate-looking NFTs on these sites, and those NFTs would then direct the user to fraudulent NFT-related websites to complete the minting process.
But, according to a report by blockchain security firm SlowMist, these websites used the minting process to try to extract valuable data, including IP addresses, authorizations, and plug-in wallet usage along the way.
This reportedly involved tricking users into performing authorization operations that involved submitting their Seaport signature,
OpenSea, X2Y2 and Rarible did not respond to Decrypt's request for comment.
The researchers revealed that there were more than 500 domains in total tied to these “rogue mint” schemes, and the campaign has reportedly been ongoing for several months, with the first domain dating back more than seven months.
The vast majority of these domain names reportedly used the same IP address.
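
The reported reuse of one IP address across most of the 500-plus domains gives defenders a pivot: group suspect domains by the address they resolve to and look for large clusters. The sketch below is an added example, not code from SlowMist or the article; the CSV layout, sample records, function names and the `min_domains` threshold are all constructed for illustration.

```python
import csv
from collections import defaultdict
from datetime import date
from io import StringIO

# Constructed passive-DNS style records (domain, resolved IP, first seen).
# Domains use the reserved .example TLD; IPs are from documentation ranges.
SAMPLE_PDNS = """\
domain,ip,first_seen
mint-drop.example,192.0.2.10,2022-05-14
Free-Mint.example.,192.0.2.10,2022-06-02
claim-nft.example,192.0.2.10,2022-07-21
claim-nft.example,198.51.100.7,2022-09-01
worldcup-mint.example,192.0.2.10,2022-11-03
art-gallery.example,203.0.113.5,2021-01-10
"""


def parse_records(text):
    """Yield (domain, ip, first_seen) with case and trailing dot normalised."""
    for row in csv.DictReader(StringIO(text)):
        domain = row["domain"].strip().lower().rstrip(".")
        yield domain, row["ip"].strip(), date.fromisoformat(row["first_seen"])


def cluster_by_ip(records):
    """Map each IP to the domains seen on it and the earliest sighting."""
    clusters = defaultdict(lambda: {"domains": set(), "first_seen": None})
    for domain, ip, seen in records:
        entry = clusters[ip]
        entry["domains"].add(domain)
        if entry["first_seen"] is None or seen < entry["first_seen"]:
            entry["first_seen"] = seen
    return dict(clusters)


def shared_hosting_report(text, min_domains=3):
    """Return clusters holding at least min_domains domains, largest first."""
    records = list(parse_records(text))
    total = len({domain for domain, _, _ in records})
    report = []
    for ip, entry in cluster_by_ip(records).items():
        if len(entry["domains"]) >= min_domains:
            report.append({
                "ip": ip,
                "domains": sorted(entry["domains"]),
                "share": len(entry["domains"]) / total,
                "first_seen": entry["first_seen"],
            })
    return sorted(report, key=lambda r: len(r["domains"]), reverse=True)
```

A cluster's `share` and `first_seen` correspond to the two figures the report highlights: how much of the domain set sits on one address and how far back the infrastructure goes.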