In a major cyber heist, North Korean-linked hackers stole $308 million in cryptocurrency from the Japanese crypto exchange DMM Bitcoin. The FBI, in collaboration with the U.S. Department of Defense Cyber Crime Center (DC3) and Japan’s National Police Agency, revealed the attack on Tuesday, December 24th, explaining it was a sophisticated operation led by the “TraderTraitor” hacking group.
The incident took place in May 2024, but its details have only recently been made public. According to authorities, the hackers targeted DMM Bitcoin using a series of social engineering tactics. The operation began in March 2024, when one of the cybercriminals posed as a LinkedIn recruiter to contact an employee at Ginco, a Japan-based crypto wallet software company. The hacker sent the employee a malicious URL, disguised as a pre-employment test on GitHub, which led the victim to unknowingly download a harmful Python script.
Once the employee’s system was compromised, the hackers gained access to Ginco’s internal, unencrypted communications system. By exploiting session cookies, they impersonated the compromised employee and made their way into DMM Bitcoin’s network. In late May, the attackers used this access to manipulate a legitimate transaction request from a DMM employee, leading to the theft of 4,502.9 BTC, worth around $308 million at the time. The stolen cryptocurrency was then transferred to wallets controlled by the hackers.
This attack is part of a broader campaign by the TraderTraitor group, which has previously been linked to the infamous Lazarus Group, a North Korean hacking collective known for targeting cryptocurrency exchanges to fund the country’s weapons programs. The FBI had already warned cryptocurrency firms in 2023 about the group’s ongoing efforts to launder stolen funds through dark web markets.
The scale and sophistication of this breach underscore the increasing threat posed by state-backed cybercriminal groups targeting financial institutions worldwide. Following the heist, DMM Bitcoin announced plans to cease operations and liquidate its assets.