
North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin

  • Writer: Tech Brief
  • Dec 24, 2024

In May 2024, North Korean hackers executed a significant cyber heist, stealing approximately $308 million worth of Bitcoin from the Japanese cryptocurrency exchange DMM Bitcoin. The U.S. Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center, and Japan's National Police Agency have attributed this theft to a North Korean cyber actor group known as TraderTraitor, also referred to as Jade Sleet, UNC4899, and Slow Pisces.



The attack began in late March 2024 when a North Korean hacker, posing as a recruiter on LinkedIn, contacted an employee at Ginco, a Japan-based cryptocurrency wallet software company. The hacker sent the employee a URL linked to a malicious Python script under the guise of a pre-employment test hosted on GitHub. The employee, who had access to Ginco's wallet management system, copied the Python code to their personal GitHub page, leading to the compromise of their system. In late May 2024, the attackers used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the loss of 4,502.9 BTC, valued at $308 million at the time. The stolen funds were subsequently transferred to wallets controlled by TraderTraitor.



This incident is part of a broader trend of increasing cryptocurrency thefts attributed to North Korean hackers. In 2024, such thefts have surged, with losses reaching $1.34 billion, doubling the previous year's total and accounting for two-thirds of global cryptocurrency thefts. These funds are reportedly used to support North Korea's ballistic missile and nuclear programs.



The DMM Bitcoin hack is among several high-profile cryptocurrency thefts in 2024. Other significant incidents include the theft of over $235 million from India's WazirX in July. The rise in such heists coincides with a significant increase in Bitcoin's value, which has soared by 140% to surpass the $100,000 mark. Most of the stolen funds have been attributed to private key compromises targeting centralized platforms.



In response to these incidents, authorities are emphasizing the importance of robust cybersecurity measures and vigilance against social engineering tactics employed by threat actors. The collaboration between U.S. and Japanese agencies underscores the international effort to combat cybercrime and hold perpetrators accountable.





