FBI blames North Korea for $308 million crypto hack

Bitcoin exchange DMM was hacked in 2024, costing 4,502.9 BTC or $308 million. The FBI has published a statement claiming it worked with Japan’s National Police Agency (NPA) to trace the theft to a North Korean hacking group known as TraderTraitor, which has been known to target crypto banks and exchanges.

The attacks started in March 2024 when the hacking group posed as a recruiter on LinkedIn to target an employee at Ginco, a Japanese cryptocurrency wallet firm. The target had critical access to Ginco’s wallet management systems and was tricked into downloading a malicious Python script disguised as a pre-employment test hosted on GitHub. The victim copied the malicious Python code to their personal GitHub page, leading to the initial compromise.

In May 2024, the hackers used session cookie data captured from the compromised employee to impersonate them and gain access to Ginco’s reportedly unencrypted communication system. By the end of the month, the hackers had already created a legitimate transaction request from a DMM employee to transfer 4,502.9 Bitcoin, equivalent to $308 million at the time. The stolen money was then moved to crypto wallets controlled by the hacking group.

Photo by Morrowind/Shutterstock.com

This is TraderTraitor’s preferred method of attack, as per the FBI’s notice. The group is also tracked as Jade Sleet, UNC4899, and Slow Pisces, and its activity is often identified by targeted social engineering directed at multiple employees of the same company simultaneously.

2024 has been a very active year for North Korean threat actors. From researchers at Microsoft discovering Moonstone Sleet, a new state-sponsored threat actor from the hermit kingdom, to their hackers testing new malware for macOS, North Korea has significantly increased its cyber espionage and attack operations. Its hackers were also caught infiltrating US IT firms to funnel money into the country to fund its missile programs.

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.