According to Deep Tide TechFlow, on December 24, CoinDesk Japan reported that the theft of 4,502.9 BTC from the cryptocurrency exchange DMM Bitcoin in May has been attributed to TraderTraitor, a hacker organization under North Korea's Lazarus Group. The National Police Agency of Japan stated that it will continue to cooperate with the FBI, other U.S. government agencies, and international partners to investigate the illegal activities of North Korean hackers, including cybercrime and cryptocurrency theft incidents.
The attack was reportedly carried out in multiple stages. According to the National Police Agency, in late March 2024 the criminal group first posed as company recruiters on the business social network LinkedIn and contacted employees of Ginco, a software development company that manages cryptocurrency transactions for DMM Bitcoin.
The group used a recruitment test as a pretext to send a link to a website containing malware. The accounts of employees who opened these links were hijacked. Using this access as a springboard, the group began intruding into Ginco's internal systems with the hijacked accounts from mid-May onwards. The group then manipulated DMM Bitcoin's trading program, resulting in customers' assets being transferred to another address controlled by the attacking group.
DMM Bitcoin has decided to close its exchange after the outflow of funds. Assets and customer accounts will be transferred to SBI VC Trade, with the transition expected to be completed by March 2025.