According to an official announcement from the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Police Agency of Japan (NPA), North Korean cyber attackers carried out a cryptocurrency theft worth 308 million USD. The incident occurred in May 2024 and targeted the Japanese cryptocurrency company DMM.
The threat activity behind the attack is tracked as TraderTraitor, also known as Jade Sleet, UNC4899, and Slow Pisces. TraderTraitor operations often rely on social engineering and target multiple employees within the same company simultaneously.
At the end of March 2024, a North Korean cyber agent impersonating a recruiter on LinkedIn contacted an employee at Ginco, a cryptocurrency wallet software provider in Japan. The agent sent a URL containing malware, disguised as a recruitment test, to the victim's personal GitHub, leading to a successful breach.
From mid-May 2024, TraderTraitor agents exploited session cookie information to impersonate compromised employees and gain access to Ginco's unencrypted communication system. By the end of the month, they used this access to manipulate a valid transaction request from a DMM employee, resulting in the loss of 4,502.9 BTC, worth 308 million USD at the time. The stolen coins were quickly transferred to wallets controlled by TraderTraitor.
The FBI, along with the National Police Agency of Japan and international partners, is committed to continuing to expose and combat North Korea's illegal activities, including cybercrime and cryptocurrency theft, which are used to generate funding for the regime.
The FBI emphasizes the importance of information security and defense against cyber attacks in the current cryptocurrency landscape, as other altcoins may also become the next targets. The public and users need to be more cautious in crypto transactions to avoid becoming victims of such sophisticated attacks.