North Korea’s Lazarus Group, identified as an Advanced Persistent Threat (APT), has reportedly been running an expansive phishing scheme targeting non-fungible token (NFT) investors.

Blockchain security company SlowMist found that the group has been using almost 500 deceptive webpages disguised as reputable NFT-related projects and platforms to fool people into connecting their wallets to the sites, leading to the theft of the victim’s NFTs and their wallet being left exposed to the hackers.

The report indicated that the campaign has been active for several months and that a single phishing address was able to steal 1,055 NFTs and gain 300 ETH, equivalent to around $367,000.

SlowMist added that the same APT group was responsible for the Naver phishing attack reported by Prevailion in March.