Get the Global IP Investigations and Enforcement Perspective

Industry content delivered straight to your inbox.
Email address
Secure and Spam free...

NFT Collectors Beware—North Korean Hackers are Phishing in Your Waters

On December 24, 2022, Slow Mist, a blockchain security firm, presented an analysis of a North Korean Advanced Persistent Threat (APT.)

The APT impersonates NFT-supported websites to steal NFT collectors’ cryptocurrency and their personal identifying and financial credentials.

The website impersonation includes:

—Crypto Currency Blockchains

—Crypto Wallets

—Crypto Exchanges and

—NFT Marketplaces.

Slow Mist: Investigation of North Korea APTs Large Scale Phishing Attack on NFT Users.

Four days later, Blockster published a synopsis of the Slow Mist investigation, which does a nice job of putting it into context.

The Blockster report also includes a list of sensible recommendations NFT collectors can use to protect themselves from phishing attacks, such as–

1. Verify websites’ legitimacy before entering personal information, such as your wallet address or private key. Look for official URLs and contact information.

2. Enable two-factor authentication (2FA) for your wallet and other accounts. 2FA is an extra layer of security that requires you to enter a code from a device, such as a smartphone, to access information.

3. Beware of emails that contain links or attachments from unknown senders. Don’t click on any suspicious links or enter your information on websites you’re unfamiliar with.

4. Use strong passwords and don’t reuse them across multiple accounts. It’s also a good idea to regularly change your passwords, especially if you suspect your account may have been compromised.

5. Avoid publicly sharing your wallet address with people you know. You should also avoid public Wi-Fi networks and use a VPN when possible.

6. Make sure to spot a phishing email by looking for spelling mistakes, poor grammar, and excessive use of punctuation marks like exclamation points.


I urge IP Probe Blog readers to browse the Slow Mist investigation. Besides presenting exhaustive data, it provides screenshot-samples of some of the impersonating North Korean websites.


IP Probe Blog – 5/14/22 — First US/DOJ—NFT “Rug Pull” Prosecution: Part 2 of 2

IP Probe Blog – 4/29/22 — First US/DOJ—NFT “Rug Pull” Prosecution: Part 1 of 2

DisclaimerIPProbe.Global is a service to the professional IP community. While every effort has been made to check information in this blog, we provide no guarantees or warranties, express or implied, regarding the content provided in IPProbe.Global. We disclaim all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such persons and the accuracy and validity of the information provided by them. This blog is for general information only and not intended to provide legal or other professional advice.

Did you find this post useful?
I agree to have my personal information transfered to MailChimp ( more information )
Join other IP protection professionals, i.e., investigators, attorneys, and brand protection specialists and receive updates straight to your inbox.
We hate spam. Your email address will not be sold or shared with anyone else.

Ron Alvarez is an IP investigations and protection consultant and writer in New York City. He is a former NYPD lieutenant where he investigated robbery, narcotics, internal affairs, and fine art theft cases. Ron has since coordinated the private investigation of international fraud and money laundering cases, as well as IP-related investigations and research involving the four pillars of IP: copyright, patents, trademarks, and trade secrets. Ron is a graduate of the FBI National Academy and earned a B.A. in Government and Public Administration from John Jay College of Criminal Justice in Manhattan. He has written a number of articles for various investigative publications, as well as published "The World of Intellectual Property (IP) Protection and Investigations" in November 2021.

2 comments on “NFT Collectors Beware—North Korean Hackers are Phishing in Your Waters

  1. Pingback: NFT Marketplace-Impersonations Lead to Cryptocurrency Theft – IP PROBE – Blog

  2. Pingback: Tornado Cash Founders–Linked to North Korea–Indicted for Laundering Over $1 Billion in Criminal Proceeds – IP PROBE – Blog

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get the Global IP Investigations and Enforcement Perspective

Industry content delivered straight to your inbox.
Email address
Secure and Spam free...
%d bloggers like this: