FBI Reports North Korean Hackers Stole $305 Million from DMM Exchange

The Federal Bureau of Investigation (FBI) reported that North Korean hackers stole $305 million from the Japanese crypto exchange DMM in May 2024. The FBI collaborated with the Department of Defense Cyber Crime Center (DC3) and Japan's National Police Agency (NPA) to release details of the cyberattack, revealing a theft of 4,502.9 Bitcoin.

The FBI attributed the heist to the TraderTraitor group, which used sophisticated tactics, including targeted social engineering attacks on employees.

FBI – North Korean Hackers Posing as Recruiters

The investigation revealed that the North Korean hackers posed as recruiters on LinkedIn targeting an employee at Ginco, a Japan-based crypto wallet company. In March, they sent a malicious link disguised as a pre-employment test hosted on GitHub, leading the employee to compromise their system.

By May, the hackers exploited the stolen information to impersonate the employee and access Ginco’s internal communications, manipulating a transaction request from a DMM employee and resulting in the theft of over $300 million in Bitcoin. The stolen funds were transferred to wallets controlled by the TraderTraitor group. The FBI continues to collaborate with Japan’s NPA and other international partners to address illicit activities by North Korean hackers.

Rise in Crypto Hacks

The DMM incident was among the largest cyberattacks of 2024, part of a broader trend of security breaches. A Chainalysis report from December 19 noted 303 security incidents in 2024, totaling losses up to $2.2 billion. Web3 cybersecurity firm Cyvers reported a 1,000% year-over-year increase in incidents affecting the centralized finance (CeFi) sector, highlighting growing vulnerabilities in both centralized and decentralized finance platforms as cyber threats evolve.