The $305 Million DMM Bitcoin Hack: A Closer Look
In December 2024 the FBI, Japan's National Police Agency, and the US Department of Defense Cyber Crime Center jointly confirmed that the May 2024 breach of the Japanese crypto exchange DMM Bitcoin, which cost the exchange roughly $305 million, was carried out by North Korean state-linked hackers.
Identifying the Culprits
- The attack was attributed to the TraderTraitor threat actors, also tracked as Jade Sleet, UNC4899, and Slow Pisces.
- The group is known for targeted social engineering: its operators typically pose as recruiters or fellow developers and persuade employees of crypto firms to run attacker-controlled code.
- Independent investigations have linked the breach to the Lazarus Group, the broader North Korean state-sponsored umbrella under which TraderTraitor activity is commonly tracked.
Similarities with Previous Attacks
Crypto investigator ZachXBT noted that the laundering methods used after this theft matched those previously associated with Lazarus. The Lazarus Group was behind the roughly $600 million theft from Axie Infinity's Ronin bridge in March 2022.
A Disturbing Trend
A Chainalysis report found that North Korean-backed hackers stole more than $1.3 billion across 47 incidents in 2024 alone, a worrying trend for the crypto sector.
The DMM Bitcoin Hack Unveiled
According to the authorities, the DMM Bitcoin breach began with a targeted social engineering campaign against employees of Ginco, a Japanese provider of enterprise crypto wallet software used by DMM Bitcoin.
The Attack Strategy
- In March 2024 a North Korean operative posing as a recruiter on LinkedIn contacted a Ginco employee who had access to the company's wallet management system.
- The attacker sent a link to a GitHub page hosting a malicious Python script disguised as a pre-employment coding test.
- The employee copied the script to their personal GitHub account and was subsequently compromised, giving the attacker a foothold on the employee's environment.
- Using the compromised employee's session cookies, the attacker impersonated them to reach Ginco's unencrypted communications system, and in late May likely manipulated a legitimate transaction request from DMM Bitcoin, moving 4,502.9 BTC (worth about $305 million at the time) to attacker-controlled wallets.
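The lure in this case was a Python "coding test" that the target was expected to run on their own machine. The article does not describe what the real script contained, so the following is an added example, not code from the article, from Ginco, or from DMM Bitcoin: a small static triage tool that parses an untrusted Python file with the standard library's ast module, never executing it, and flags the constructs a recruiter-lure script typically needs (dynamic code execution, decoding of embedded blobs, network fetches, process spawning). The lists of flagged names are assumptions chosen for illustration, and the three sample scripts, including the sorting exercise with a hidden exec loader, are constructed for this example. The stand-in "second stage" only prints a line and is never run.

```python
"""Static triage of an untrusted 'coding test' before anyone runs it.

Added example; not tooling from the article, Ginco or DMM Bitcoin.
The file is parsed with `ast` and never executed. The suspicious-name
lists below are assumptions for illustration, not a complete signature set.
"""
import ast
import base64
import re

# Calls that execute arbitrary code at runtime (assumed list).
DYNAMIC_EXEC = {"exec", "eval", "compile", "__import__"}
# Dotted names that decode, fetch or spawn (assumed list; extend to taste).
SUSPICIOUS_CALLS = {
    "base64.b64decode", "codecs.decode", "zlib.decompress",
    "os.system", "os.popen", "subprocess.run", "subprocess.Popen",
    "subprocess.call", "subprocess.check_output",
    "urllib.request.urlopen", "urllib.request.urlretrieve",
    "requests.get", "requests.post", "socket.socket", "ctypes.CDLL",
}
# Top-level modules a sorting/parsing exercise has no business importing.
SUSPICIOUS_MODULES = {"subprocess", "socket", "ctypes", "requests", "urllib"}
# Long base64-looking string literal: a common place to hide a second stage.
B64_LITERAL = re.compile(r"^[A-Za-z0-9+/=\s]{120,}$")


def _dotted(node: ast.AST) -> str:
    """Return 'a.b.c' for Name/Attribute chains, '' for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else ""
    return ""


class _Finder(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[tuple[int, str, str]] = []  # (line, kind, detail)

    def visit_Import(self, node: ast.Import) -> None:
        for alias in node.names:
            if alias.name.split(".")[0] in SUSPICIOUS_MODULES:
                self.findings.append((node.lineno, "import", alias.name))
        self.generic_visit(node)

    def visit_ImportFrom(self, node: ast.ImportFrom) -> None:
        module = node.module or ""
        if module.split(".")[0] in SUSPICIOUS_MODULES:
            self.findings.append((node.lineno, "import", module))
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        name = _dotted(node.func)
        if name in DYNAMIC_EXEC:
            self.findings.append((node.lineno, "dynamic-exec", name))
        elif name in SUSPICIOUS_CALLS:
            self.findings.append((node.lineno, "suspicious-call", name))
        self.generic_visit(node)

    def visit_Constant(self, node: ast.Constant) -> None:
        if isinstance(node.value, str) and B64_LITERAL.match(node.value):
            self.findings.append(
                (node.lineno, "blob", f"{len(node.value)}-char base64-like literal"))


def scan_source(src: str) -> list[tuple[int, str, str]]:
    """Parse src (no execution) and return findings sorted by line."""
    finder = _Finder()
    finder.visit(ast.parse(src))
    return sorted(finder.findings)


def verdict(findings: list[tuple[int, str, str]]) -> str:
    """'block' if the file runs code you cannot read, 'review' if it only
    reaches out or decodes, 'clean' if nothing was flagged."""
    kinds = {kind for _, kind, _ in findings}
    if "dynamic-exec" in kinds:
        return "block"
    if kinds & {"suspicious-call", "import", "blob"}:
        return "review"
    return "clean"


# Constructed sample lure: a plausible sorting exercise with a hidden loader.
# The "second stage" is a harmless print statement built here, never executed.
_STAGE2 = base64.b64encode(b'print("stand-in for a real second stage")').decode()
LURE_SCRIPT = f'''
import base64
import urllib.request

def merge_sort(items):
    if len(items) <= 1:
        return items
    mid = len(items) // 2
    left, right = merge_sort(items[:mid]), merge_sort(items[mid:])
    out = []
    while left and right:
        out.append(left.pop(0) if left[0] <= right[0] else right.pop(0))
    return out + left + right

# "helper to fetch test vectors"
_cfg = "{_STAGE2}"
exec(base64.b64decode(_cfg))
'''
# Constructed sample that is merely worth a second look.
REVIEW_SCRIPT = "import subprocess\n\ndef run(cmd):\n    return subprocess.check_output(cmd)\n"
# Constructed sample with nothing to flag.
CLEAN_SCRIPT = "def add(a, b):\n    return a + b\n"

if __name__ == "__main__":
    for label, src in (("lure", LURE_SCRIPT), ("review", REVIEW_SCRIPT), ("clean", CLEAN_SCRIPT)):
        found = scan_source(src)
        print(f"{label}: {verdict(found)}")
        for line, kind, detail in found:
            print(f"  line {line}: {kind} {detail}")
```

A parse-only check like this catches the lazy lure (exec of a decoded blob, an unexplained network import) but not a cleverly obfuscated one, and it says nothing about a trojanised dependency pulled in by a requirements file. The operational rule it supports is the simpler one: code sent by a stranger is run only in a throwaway VM with no access to work credentials, SSH keys, browser sessions or company repositories, and never from the laptop that holds wallet-management access.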
Aftermath and Future Plans
The breach has proved fatal for the exchange: DMM Bitcoin has announced that it will wind down operations by March 2025.
The restrictions imposed after the theft, a halt on cryptocurrency withdrawals and on spot trading, remain in place, so customers cannot freely move their assets in the meantime.
DMM Bitcoin intends to transfer all customer accounts and balances, in Japanese yen and cryptocurrency alike, to SBI VC Trade, a subsidiary of the Japanese financial group SBI Holdings, as part of the wind-down.