North Korean hackers stole $308 million from the Japanese company DMM Bitcoin

24 December 2024. Author: Newsman

Japanese and US authorities have accused the North Korean group TraderTraitor of stealing $308 million in cryptocurrency from DMM Bitcoin in May 2024.

The attack was organized by the North Korean hacking group TraderTraitor, also known as Jade Sleet and UNC4899. The group specializes in social engineering, luring company employees into installing malware through fake job offers or collaborative projects on GitHub.

In particular, the attackers contacted an employee of Ginco, a company that worked with wallets for DMM Bitcoin. They sent a fake Python test script, which became a tool for gaining further access to the system. In May 2024, the hackers used an employee's session data to manipulate Ginco's internal system, resulting in the loss of 4,502.9 BTC.

Chainalysis confirmed that the funds were moved through the CoinJoin Mixing Service to obfuscate the trail and on through online venues, including HuiOne Guarantee, known for its links to cybercrime. TraderTraitor has been operating since 2020, focusing on companies in the Web3 sector, cryptocurrency and infrastructure services. The group is also known for attacking JumpCloud and exploiting vulnerabilities to distribute malicious npm packages. In this incident, the main methods were social engineering and manipulation of internal transactions.

The DMM Bitcoin incident shows the vulnerability of cryptocurrency companies to sophisticated attacks involving social engineering and multi-level manipulation. This underscores the need to strengthen cyber defenses, especially in companies dealing with digital assets.
