30/12/2022 North Korean hackers stealing NFTs using nearly 500 phishing domains

The hackers created decoy websites impersonating NFT marketplaces, NFT projects and even a DeFi platform.

North Korean hackers stealing NFTs using nearly 500 phishing domains

Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting nonfungible token (NFT) investors — utilizing nearly 500 phishing domains to dupe victims.

Blockchain security firm SlowMist released a report on Dec. 24,revealingthe tactics that North Korean Advanced Persistent Threat (APT) groups have used to part NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects.

Examples of these fake websites include a site pretending to be a project associated with the World Cup, as well as sites that impersonatewell-known NFT marketplacessuch as OpenSea, X2Y2 and Rarible.

SlowMist said one of the tactics used was having these decoy websites offer “malicious Mints,” which involves deceiving the victims into thinking they are minting a legitimate NFT by connecting their wallet to the website.

However, the NFT is actually fraudulent, and the victim’s wallet is left vulnerable to the hacker who now has access to it.

The report also revealed that many of the phishing websites operated under the same Internet Protocol (IP), with 372 NFT phishing websites under a single IP and another 320 NFT phishing websites associated with another IP.

85ca2b0c-8c28-4c86-bc64-3e0d7eaa231c.PNGAn example phishing website Source: SlowMist

SlowMist said the phishing campaign has been ongoing for several months, noting that the earliest registered domain name came about seven months ago.

Other phishing tactics used included recording visitor data and saving it to external sites as well as linking images to target projects.

After the hacker was about to obtain the visitor's data, they would then proceed to run various attack scripts on the victim, which would allow the hacker access to the victim’s access records, authorizations and use of plug-in wallets, as well as sensitive data such as the victims’ approve record and sigData.

All this information then enables the hacker access to the victim’s wallet, exposing all their digital assets.

However, SlowMist emphasized that this is just the “tip of the iceberg,” as the analysis only looked at a small portion of the materials and extracted “some” of the phishing characteristics of the North Korean hackers.

SlowMist Security Alert

North Korean APT group targeting NFT users with large-scale phishing campaign

This is just the tip of the iceberg. Our thread only covers a fraction of what we've discovered.

Let's dive inpic.twitter.com/DeHq1TTrrN

— SlowMist (@SlowMist_Team)December 24, 2022

For example, SlowMist highlighted that just one phishing address alone was able to gain 1,055 NFTs and profit 300 Ether, worth $367,000, through its phishing tactics.

It added that the same North Korean APT group was also responsible for the Naver phishing campaign that was previouslydocumentedby Prevailion on March 15.

North Korea has been at the center of various cryptocurrency theft crimes in 2022.

According to a news report published by South Korea’s National Intelligence Service (NIS) on Dec 22,North Korea stole $620 millionworth of cryptocurrencies this year alone.

In October, Japan’s National Police Agency sent out a warning to the country’s crypto-asset businesses advising them to be cautiousof the North Korean hacking group.

400M Twitter users’ data is reportedly on sale in the black market

The private contact information of Ethereum co-founder Vitalik Buterin, shark tank host Kevin O'Leary and Mark Cuban are among those purportedly for sale.

400M Twitter users’ data is reportedly on sale in the black market

400 million Twitter users’ data containing private emails and linked phone numbers have reportedly been up for sale on the black market.

Cybercrime intelligence firm Hudson Rock highlighted a “credible threat” via Twitter on Dec. 24 in which someone is supposedly selling a private database containing contact information of 400 million Twitter user accounts.

“The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more,” Hudson Rock stated, before adding that:

“In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort Elon Muskto buy the data or face GDPR lawsuits.”

Hudson Rock said that while it has not been able to fully verify the hacker’s claims given the number of accounts, it said that an “independent verification of the data itself appears to be legitimate.”

BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.

The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2).pic.twitter.com/wQU5LLQeE1

— Hudson Rock (@RockHudsonRock)December 24, 2022

Web3 security firm DeFiYield also had a look at 1,000 accounts given as a sample by the hacker and verified that the data is “real.” It also reached out to the hacker via Telegram and noted that they are activelywaitingfor a buyer there.

If found true, the breach could be a significant cause for concern for Crypto Twitter users, particularly those who operate under a pseudonym.

However, some users have highlighted that such a large-scale breach is hard to believe, given that the current amount of active monthly usersreportedlysits at around 450 million.

At the time of writing, the purported hacker still has a post up onBreachedadvertising the database to buyers. It also has a specific call to action forElon Musk to pay $276 millionto avoid having the data sold and face a fine from the General Data Protection Regulation agency.

If Musk pays the fee, the hacker says they will delete the data and it will not be sold to anyone else “to prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things.”

Hacker's database ad: Breached

The breached data in question is understood to have come from the “Zero-Day Hack” on Twitter, in which an application programming interface vulnerabilityfrom June 2021 wasexploitedbefore it was patched in January this year. The bug essentially allowed hackers to scrape private info, which they then compiled into databases to sell on the dark web.

Alongside this supposed database, two others have previously been identified, with one consisting of around 5.5 million users and another thought to contain as many as 17 million users,accordingto a Nov. 27 report from Bleeping Computer.

The dangers of having such info leaked online includetargeted phishing attemptsvia text and email, sim swap attacks to get ahold of accounts and the doxing of private information.

There are some serious concerns with this.
#1 - Identities of many pseudo accounts will be public, posing risks for them
#2 - With a phone number, it's super easy to find anyone's address and banking information.
#3 - Multiple phishing attempts via cellphone, physical, or email

— Haseeb Awan - efani.com (@haseeb)December 25, 2022

People are being advised to take precautions such as making sure two-factor authentication settings are turned on for their various accounts, via an app and not their phone number, along with changing their passwords and storing them securely and also using a privateself-hosted crypto wallet.

Arts

https://cointelegraph.com/news/400m-twitter-users-data-is-reportedly-on-sale-in-the-black-market

Interesting NFTs
Message from Kylie J. #22_23
Limited edition of the legendary Message from Kylie! Exclusive series for Binance NFT. Publish to Binance NFT only. Author: DANILPRAVDA
My Other Half | Inspired by Minecraft: The Last Minecart (2011)
Almost every year, we capture ourselves in a way that no photo or video is capable of: with a photoscan. If you dig through our archives, you'll find many of them and can see exactly how we change over time. Sam Gorski, Creator | I wanted to find the oldest scan of myself and put him side-by-side with Sam from the present. While it is hard to look at it and not miss the years past, at the same time, this gives me hope for the future by embracing and cherishing the change in my life. How would I have gotten this far without him? About This Piece | Sam on the left was captured in 2014, while Sam on the right was captured last week (2021). This work represents the personal, creative, and emotional journey in all of us, and the hope that ourselves tomorrow may be better than ourselves today.
2.0
2.0
Source Code for the WWW
OWNER: Sir Tim Berners-Lee Sir Tim Berners-Lee, b. 1955 Source Code for the WWW 1990-1991 Work includes: Original archive of dated and time-stamped files containing the source code, written between 3 October 1990 and 24 August 1991. These files contain code with approximately 9,555 lines, the contents of which include implementations of the three languages and protocols invented by Sir Tim; HTML (Hypertext Markup Language); HTTP (Hyper Transfer Protocol); and URIs (Uniform Resource Identifiers), as well as the original HTML documents that instructed early web users on how to use the application Animated visualization of the code being written (Video, black & white, silent), lasting 30 minutes 25 seconds A Scalable Vector Graphics (SVG) representation of the full code (A0 841mm wide by 1189 mm high), created by Sir Tim from the original files using Python, with a graphic representation of his physical signature at lower right A letter written in the README.md file (in “markdown” format) by Sir Tim in June of 2021, reflecting upon the code and his process of creating it Non-fungible Token ERC-721 Minted on June 15, 2021, ed. 1/1 Smart Contract Address: 0x86ade256037d80d6d42df8df96d5be21cd25bd8f
Domestic - 2017
“Domestic is the manifestation of the cultural patriarchy in my home. The wooden "woman's" tragedy of false desire. It was done in a moment of breakup. The hollow 3d body & its lost eyes, invites you to fill up. Trying to reach out, encumbered and wrapped in its own fragility, the new mother rises."