FBI Connects $308 Million DMM Bitcoin Hack to North Korean Hackers
The FBI has linked the DMM Bitcoin hack to North Korea’s TraderTraitor hacking group, associated with the Lazarus Group. The May cyberattack resulted in the theft of 4,502 Bitcoin, valued at $308 million, leading to the closure of the Japanese crypto exchange.
The attack utilized sophisticated social engineering tactics against Ginco, a Japanese cryptocurrency wallet company. Hackers impersonated recruiters on LinkedIn, sending links disguised as pre-employment tests hosted on GitHub. A Ginco employee clicked the link, compromising their GitHub account and allowing the attackers to impersonate them in internal communications.
By May, the hackers manipulated a legitimate transaction request from a DMM Bitcoin employee. The stolen Bitcoin was quickly transferred to hacker-controlled wallets. DMM Bitcoin attempted to recover funds and compensate users through Bitcoin repurchases but ultimately announced its permanent closure and plans to transfer customer accounts to SBI VC Trade by March 2025.
This breach is among Japan's most significant crypto thefts, second only to the 2018 Coincheck hack, in which $530 million was stolen. It highlights the increasing threat to the cryptocurrency sector from North Korean cybercriminal groups, which were responsible for stealing $1.34 billion in crypto assets in 2024, about two-thirds of global crypto thefts.
In July, the stolen funds were funneled through Huione Guarantee, a Cambodian company reportedly involved in pig butchering scams valued at approximately $49 billion. In response, Cambodia initiated a crackdown in December, blocking access to 16 cryptocurrency exchanges, including Binance, Coinbase, and OKX.
Taylor Monahan, a security expert from MetaMask, noted the ongoing risk, stating that Lazarus is one of the most prevalent threat actors targeting the industry. Understanding their methods is crucial, as traditional security measures may not suffice.
This attack underscores the persistent and evolving threat from North Korean cybercriminals, who exploit human error through social engineering and advanced infiltration techniques, posing a serious challenge for the global cryptocurrency industry.