N. Korean Hackers Use 500 Phishing Domains To Steal NFTs
A large-scale phishing campaign, backed by hackers linked to the North Korean group Lazarus, led to the theft of 1,055 NFTs.
The attackers created about 500 domains, passing them off as known marketplaces as well as a site dedicated to the World Cup. These sites offered users a fake coin issue that in fact gave the fraudsters access to the victim's wallet.
A second scheme saved visitors' data on external sites, to be used in later attacks on the connected wallets and the confidential information provided.
All the phishing sites operated on two IP addresses.
The campaign began about seven months ago and is still ongoing. The cumulative damage from the attacks is unknown, but just one of the phishing addresses received 1,055 NFTs worth 300 ETH ($367,000 at the time the tokens were sold).
However, experts stressed that in reality the scale of NFT thefts could be higher, as they have examined "only a small part of the material" related to the activities of North Korean hackers.
According to South Korea's National Intelligence Service, North Korea stole $620 million worth of cryptocurrencies in 2022 alone.