FBI: North Korea stole $305 Million from Japan’s DMM Bitcoin using LinkedIn


The FBI, Japan’s National Police Agency, and the Department of Defense Cyber Crime Center have confirmed that North Korean-linked hackers orchestrated the May 2024 $305 million breach of the Japanese crypto exchange DMM Bitcoin.

The attack was attributed, in a statement published on the 23rd of December, to TraderTraitor threat actors (also known as Jade Sleet, UNC4899 or Slow Pisces). The hackers target their victims using sophisticated social engineering tactics that exploit human weaknesses.

Independent investigations linked the hack to another North Korean hacking gang, Lazarus Group.

Crypto investigator ZachXBT highlighted similarities between the laundering methods used in this attack and those tied to Lazarus, which previously masterminded the $600 million theft from Axie Infinity’s Ronin bridge.

Chainalysis reported that North Korean hackers stole over $1 billion from 47 victims in this year alone.

Understanding the DMM Bitcoin hack

According to the authorities’ statement, the DMM Bitcoin breach stemmed from a well-coordinated social engineering scheme targeting employees of Ginco, a Japanese crypto wallet software firm.

In March, an operative from North Korea posing as a recruiter on LinkedIn reached out to a Ginco worker. The attacker sent a malicious Python script, disguised as a pre-employment test and hosted on a GitHub site.

The employee, unaware of the danger, copied the script onto their personal GitHub accounts, unintentionally giving the hacker access to session cookie information. This enabled the attacker to impersonate the compromised employee and infiltrate Ginco’s unencrypted communication system.

In late May, the threat actor used this foothold to manipulate an official transaction request made by a DMM Bitcoin staff member, stealing 4,502.9 BTC valued at approximately $305,000,000.


What's next?

DMM Bitcoin recently announced that they would be ceasing operations in March 2025.

Since then, the exchange has halted withdrawals and spot trading activities, complicating users’ efforts to transfer their assets.

However, the company intends to move all funds, including Japanese Yen and cryptocurrencies, to SBI VC Trade, a subsidiary of Japan’s financial giant SBI Holdings.

leadzevs/ author of the article

LeadZevs (John Lesley) is an experienced trader specializing in technical analysis and forecasting of the cryptocurrency market. He has over 10 years of experience with a wide range of markets and assets - currencies, indices and commodities. John is the author of popular topics on major forums with millions of views and works as both an analyst and a professional trader for both clients and himself.
