Key Takeaways:
- North Korean hackers linked to TraderTraitor stole 4,502.9 BTC ($308M) from Japanese exchange DMM using advanced social engineering.
- The attack involved breaching crypto wallet company Ginco’s communications via a fake pre-employment test to intercept a transaction.
- DMM is shutting down operations due to the financial blow, highlighting vulnerabilities in the crypto sector.
North Korean hackers, tied to the notorious TraderTraitor group, have been implicated in a $308 million cryptocurrency heist targeting Japanese exchange DMM.
Over 4,500 bitcoin were stolen in a sophisticated breach involving advanced social engineering tactics and malicious code.
The FBI and international partners are reporting a North Korean crypto theft from a Japan-based company. After an initial compromise with social engineering techniques, the cyber actors used TraderTraitor malware to steal cryptocurrency worth $308 million: https://t.co/8kRsTrTqK5
— FBI (@FBI) December 24, 2024
The FBI, Japan’s police force, and the U.S. Department of Defense confirmed the attack, which exploited vulnerabilities in the communications system of Ginco, an external crypto wallet company.
The hackers, posing as LinkedIn recruiters, tricked a Ginco employee into uploading compromised Python code to their personal GitHub repository.
This gave the attackers access to Ginco’s communication system, enabling them to intercept and redirect a legitimate transaction from DMM.
The massive financial loss forced DMM to shut down its operations.
North Korean hacker group TraderTraitor was most likely behind a cyberattack that caused a ¥48.2 billion ($308 million) bitcoin leak in May, Japanese police have said. https://t.co/53HBILNkT9
— The Japan Times (@japantimes) December 24, 2024
The incident is part of a growing pattern of North Korean cybercrime, with groups linked to the regime responsible for $1.34 billion in stolen cryptocurrency across 47 incidents in 2024, per Chainalysis.
This represents a significant rise from $660 million stolen in 2023.
The DMM breach highlights the increasing sophistication of North Korea’s cyber operations, which exploit weaknesses in the crypto ecosystem.
It underscores the urgent need for heightened security measures in the industry to counter such evolving threats.