The FBI, in collaboration with Japan’s NPA and DC3, reported that North Korea-affiliated cybercrime group TraderTraitor was responsible for the $305 million theft from the DMM exchange.
The Federal Bureau of Investigation (FBI) has published a report explaining how malicious actors from North Korea stole a massive $305 million from Japanese crypto exchange DMM, earlier this year in May.
On Monday, December 23, the FBI along with other agencies like the Department of Defense Cyber Crime Center (DC3), and Japan’s National Police Agency (NPA) released a report of the cyberattack wherein hackers stole a total of 4,502.9 Bitcoin BTC $84 885 24h volatility: 0.6% Market cap: $1.68 T Vol. 24h: $19.92 B , worth $305 million back then.
The FBI attributed the theft to TraderTraitor, a North Korea-affiliated cybercrime group. Besides, the investigative agency stated that the group reportedly employed sophisticated tactics, including targeted social engineering attacks on company employees, to execute the heist.
The FBI and international partners are reporting a North Korean crypto theft from a Japan-based company. After an initial compromise with social engineering techniques, the cyber actors used TraderTraitor malware to steal cryptocurrency worth $308 million: https://t.co/8kRsTrTqK5 pic.twitter.com/RzSX4UPSgr
— FBI (@FBI) December 24, 2024
FBI – North Korean Hackers Pretended as Recruiters
As per the FBI investigation, the North Korean threat actor posed as a recruiter on LinkedIn in March while targeting an employee at Japan-based crypto wallet company Ginco. Later, the hacker sent the employee a malicious link disguised as a pre-employment test hosted on a GitHub page. Thinking this to be legitimate, the employee copied the code to the personal GitHub account, compromising their system.
By May, the hackers associated with the TraderTraitor group managed to exploit the stolen information by impersonating the employee and gaining access to Ginco’s internal communications system. The FBI stated that the attackers likely used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the theft of over $300 million in Bitcoin.
Later, the hackers transferred the stolen funds to wallets controlled by the TraderTraitor group. The FBI stated that it would continue to work with Japan’s National Police Agency (NPA) and other international partners to expose and combat illicit activities by North Korean hackers.
Crypto Hacks on the Rise
The DMM exploit, one of the largest cyberattacks of 2024, was part of a broader wave of security breaches throughout the year. According to a report from Chainalysis on December 19, a total of 303 security incidents in 2024 resulted in combined losses of up to $2.2 billion.
Web3 cybersecurity firm Cyvers highlighted the impact on the centralized finance (CeFi) sector, noting a staggering 1,000% year-over-year increase in such incidents. These findings underscore the growing vulnerabilities in both centralized and decentralized finance platforms as cyber threats continue to evolve into new forms.
next