
North Koreans Blamed for $300 Million DMM Bitcoin Hack
The FBI, the Department of Defense Cyber Crime Center (DC3), and Japan’s National Police Agency (NPA) have jointly identified and exposed the state-backed TraderTraitor group as the perpetrators of a sophisticated phishing attack that resulted in the theft of $300 million from DMM Bitcoin, a Japan-based cryptocurrency company.
The hack, which occurred in late March 2024, was executed through a deceptive recruitment tactic and the use of malicious Python scripts. A North Korean cyber actor posed as a recruiter on LinkedIn and contacted an employee at Ginco, a Japan-based enterprise cryptocurrency wallet software company, sending a URL that linked to a malicious script hosted on GitHub and disguised as a pre-employment test. The employee, who had access to Ginco’s wallet management system, inadvertently executed the script, which led to the compromise of their credentials.
By mid-May 2024, the TraderTraitor actors exploited session cookie information to impersonate the compromised employee, gaining unauthorized access to Ginco’s unencrypted communications system. This allowed them to manipulate a legitimate transaction request by a DMM employee, resulting in the unauthorized transfer of 4,502.9 BTC, valued at over $300 million at the time, to wallets controlled by the attackers.
The FBI, DC3, and NPA have emphasized their commitment to pursuing such cyber threats: “The FBI, National Police Agency of Japan, and other U.S. government and international partners will continue to expose and combat North Korea’s use of illicit activities—including cybercrime and cryptocurrency theft—to generate revenue for the regime.”
This incident serves as a stark reminder of the persistent threat posed by North Korean cyber actors to the global financial system, particularly the cryptocurrency sector.
The TraderTraitor group has been known for targeted social engineering attacks aimed at multiple employees within the same organization. Authorities continue to investigate and implement measures to prevent such incidents, urging companies to enhance their cybersecurity protocols and employee training to defend against sophisticated phishing attacks.
DMM Bitcoin is one of the largest exchanges in Japan, providing a secure platform for users to buy and sell various cryptocurrencies.
Source: fullycrypto.com