FBI Links DMM Bitcoin Hack to North Korean TraderTraitor Group

As a seasoned crypto investor who has weathered multiple market cycles and seen my fair share of hacks and scams, I can’t help but feel a sense of deja vu with the latest revelation about the DMM Bitcoin hack. The North Korean threat to our industry is as persistent as a rogue state’s pop music exports, and it seems they’ve got a whole cast of hacker groups ready to play their part in this never-ending drama.

Recent findings indicate that the cyberattack on the Japanese cryptocurrency exchange DMM Bitcoin may have been orchestrated by TraderTraitor, a group believed to be North Korean hackers. TraderTraitor is thought to have ties to the notorious Lazarus Group.

Back in May, the incident saw the exchange lose 4,502 Bitcoin, valued at $308 million.

The Hack That Caused DMM Bitcoin to Shut Down

One of the biggest cryptocurrency heists of the year involved the DMM Bitcoin exploit, resulting in substantial financial losses that couldn’t be recovered. Unfortunately, these events led to the closure of the exchange within the past few weeks.

Initially, the attack was linked to the infamous Lazarus group, but US and Japanese officials now believe a more niche North Korean group, called the TraderTraitor group, was behind the attack.

According to FBI reports, the attackers used social engineering to infiltrate Ginco, a Japanese digital wallet service provider. In March, they posed as recruiters on LinkedIn and sent a malicious link, disguised as a pre-employment assessment, that was in fact hosted on GitHub.

An employee at Ginco ran the code without realising what it did, and it exposed the employee's GitHub credentials. The attackers then took those credentials and put them to use.

By May, the attackers were impersonating that Ginco employee to gain access to Ginco's communication networks, which let them alter a genuine transaction request from a DMM Bitcoin employee. The stolen Bitcoin was then moved into wallets under the attackers' control.
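The altered-request step above is the one a custodian can defend against mechanically: if the requester binds the transaction fields with an integrity check and the custodian verifies both that check and a destination allowlist approved out of band, a swapped destination is rejected. This Python sketch is an added example, not code from DMM Bitcoin, Ginco or the FBI report; the key, addresses and amount are constructed placeholders, and a shared MAC key is an assumption made to stay in the standard library (asymmetric signatures would be the production choice, so the custodian itself cannot forge requests).

```python
import hashlib
import hmac
import json

# Constructed demo key, assumed to be shared out of band between requester and
# custodian and never held by the attacker. Not a real key.
REQUEST_MAC_KEY = b"constructed-demo-key-not-real"

# Destinations registered through a separate, out-of-band approval process.
ALLOWED_DESTINATIONS = {"bc1q-demo-cold-storage-address"}

def canonical_bytes(req: dict) -> bytes:
    """Serialise exactly the fields that matter so the MAC covers all of them."""
    fields = {k: req[k] for k in ("request_id", "from_wallet", "destination", "amount_btc")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def sign_request(req: dict, key: bytes = REQUEST_MAC_KEY) -> dict:
    """Requester side: attach a MAC over the canonical fields."""
    signed = dict(req)
    signed["mac"] = hmac.new(key, canonical_bytes(req), hashlib.sha256).hexdigest()
    return signed

def verify_request(req: dict, key: bytes = REQUEST_MAC_KEY) -> tuple[bool, str]:
    """Custodian side: MAC must match and destination must be pre-approved."""
    expected = hmac.new(key, canonical_bytes(req), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, req.get("mac", "")):
        return False, "MAC mismatch: request fields were altered in transit"
    if req["destination"] not in ALLOWED_DESTINATIONS:
        return False, "destination not on the out-of-band allowlist"
    return True, "ok"

# Constructed sample: the legitimate request as the exchange-side operator issues it.
ORIGINAL_REQUEST = sign_request({
    "request_id": "demo-0001",
    "from_wallet": "hot-wallet-demo",
    "destination": "bc1q-demo-cold-storage-address",
    "amount_btc": "4502",
})

def tampered_copy(req: dict, new_destination: str) -> dict:
    """Model the interception: only the destination is swapped, MAC left untouched."""
    altered = dict(req)
    altered["destination"] = new_destination
    return altered

if __name__ == "__main__":
    print(verify_request(ORIGINAL_REQUEST))
    print(verify_request(tampered_copy(ORIGINAL_REQUEST, "bc1q-demo-attacker-address")))
```

The second check matters because it catches a request whose MAC is valid but whose destination was never approved through the separate channel.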

Despite the exchange's attempt to make users whole by acquiring replacement Bitcoin, the financial damage was too great to overcome. The company ultimately declared bankruptcy and will move its customer accounts to SBI VC Trade by March 2025.

North Korea Continues to be a Persistent Threat for the Crypto Industry

At the same time, this incident underscores the continuing threat posed by North Korean cyberattack groups. In 2024 they were reportedly behind the theft of approximately $1.34 billion in cryptocurrency, about two-thirds of all crypto stolen worldwide.

In July, the illicit funds were laundered through Huione Guarantee, a business based in Cambodia. According to Chainalysis, the firm is suspected of involvement in multiple 'pig-butchering' schemes worth approximately $49 billion.

In December, Cambodia tightened its regulations and blocked 16 cryptocurrency trading platforms from operating in the country, among them prominent platforms such as Binance, Coinbase, and OKX.

“It’s likely that those involved with cryptocurrencies are aware that Lazarus is a significant threat actor operating within our industry, causing damage to more individuals, companies, and protocols than any other group. Understanding their methods of infiltration is crucial because even the most thorough smart contract audits may not protect you.” – MetaMask Security Expert Taylor Monahan.

In summary, the DMM Bitcoin hack is among the most significant cryptocurrency thefts in Japan, with only the $530 million heist at Coincheck in 2018 surpassing it.

2024-12-24 22:22