North Korean Hackers Responsible for $308 Million DMM Crypto Exchange Theft

The $308 million hack of Japanese crypto exchange DMM in May was attributed to North Korean hackers, according to U.S. and Japanese law enforcement agencies.

The theft involved 4,502.9 bitcoin (BTC) and resulted in the exchange's closure. The FBI, working with the Department of Defense Cyber Crime Center and Japan's National Police Agency, identified the operation as "affiliated" with a group called TraderTraitor.

Chainalysis reported that North Korea has been a significant player in crypto crime, responsible for over half of the cryptocurrency value stolen in 2024. The country, officially known as the Democratic People's Republic of Korea (DPRK), is linked to $1.34 billion in theft across 47 incidents, a substantial increase from the revised figure of $660 million in 2023.

TraderTraitor, also referred to as Jade Sleet, UNC4899, and Slow Pisces, employs targeted social engineering tactics. In this case, an operative impersonating a recruiter on LinkedIn sent a Python script, presented as part of a fake pre-employment test and carrying embedded malicious code, to a candidate at crypto wallet company Ginco.

The victim uploaded the code to their personal GitHub page, granting TraderTraitor access to session cookie information, which enabled the group to infiltrate Ginco's communications system. The attackers then likely intercepted a legitimate transaction request from a DMM employee, facilitating the theft.