A sophisticated cyberattack in May resulted in the theft of $305 million in bitcoin from the Japanese bitcoin exchange DMM. Authorities from the United States and Japan disclosed that TraderTraitor, a North Korea-affiliated hacking organization, carried out the crime.
The attackers broke in through social engineering. In March, a hacker posing as a recruiter on LinkedIn targeted an employee of Ginco, a crypto wallet startup connected to DMM. The employee received a link to an apparently innocuous pre-employment test, which proved to be malicious code. Thinking it was authentic, the victim uploaded the code to their personal GitHub account, inadvertently giving the hackers access to communications systems and private session cookies.
By May, the attackers used the pilfered data to impersonate the staff member and control a DMM transaction. This let them move 4,502.9 Bitcoin, valued at $305 million at the time, into wallets under their control.
The episode shows how dangerous hacks in the bitcoin field are becoming. The FBI, together with Japan’s National Police Agency and the Department of Defense Cyber Crime Center, verified the involvement of TraderTraitor, a group well known for its targeted attacks and ties to North Korea.
Authorities are stepping up efforts to combat such illegal activity as North Korea depends more and more on pilfered cryptocurrencies to run its operations. In 2024 alone, North Korea-linked entities accounted for nearly half of all crypto thefts worldwide, which ran to billions of dollars.
This assault on DMM emphasizes the need for strong cybersecurity policies and awareness of social engineering tactics. Companies and individuals must remain vigilant in safeguarding their assets as sophisticated crypto-related crimes continue to evolve.