Social engineering penetration: DMM Bitcoin suffered heavy losses

The FBI and the Japanese National Police Agency (NPA) recently jointly uncovered a theft of 3,052.9 Bitcoins, attributing it to the "TraderTraitor" hacker group linked to North Korea. According to official reports, in May this year DMM Bitcoin, a well-known Japanese crypto exchange, was hacked and lost 4,502.9 Bitcoins, worth approximately US$300 million at the time. The attackers used carefully planned social engineering: posing as LinkedIn headhunters, they established contact with company employees, eventually took over key system signing permissions and stole the assets.

Source: FBI. The FBI and the Japanese National Police jointly exposed the DMM Bitcoin hacking case and identified the "TraderTraitor" hacking group linked to North Korea.

According to the FBI, TraderTraitor first approached an employee of the Japanese company Ginco in the guise of a "LinkedIn headhunter" and sent a seemingly harmless piece of Python code, falsely presented as a "pre-employment programming test." Once the victim uploaded the program to his GitHub, the attackers gained access to his computer and the company's internal communications system. The hackers then posed as a DMM Bitcoin insider, covertly inserted malicious operations into a normal transaction request, and stole a large quantity of Bitcoin.

The industry faces ongoing threats, and major CeFi cases are frequently reported

DMM Bitcoin is one of the worst-hit centralized finance (CeFi) cases of 2024. Earlier reports stated that the exchange drew on its own funds for emergency response, using approximately 35 billion yen to cover the asset shortfall, and suspended some services for investigation and remediation. The FBI emphasized that North Korean hacker groups have become a major source of global cybersecurity threats, stealing cryptocurrency to evade international economic sanctions. Besides DMM Bitcoin, exchanges such as India's WazirX have also suffered attacks costing hundreds of millions of dollars in recent years, with a heavy impact on the CeFi industry.

In contrast, according to statistics from several blockchain security companies, although the overall crypto market faced frequent hacker attacks in 2024, losses on the decentralized finance (DeFi) side decreased compared with the previous year. On the CeFi side, weaknesses in social engineering, permission control, and malicious contract updates remain the core targets of attackers. How to strengthen vetting of internal personnel and implement multi-signature and zero-trust mechanisms has become a management issue that exchanges must address.

Further reading
Centralization vs. decentralization, which one is safer? The amount of CeFi hacks far exceeded last year, but DeFi has improved

Many countries have joined forces to fight back, and the threat of social engineering cannot be underestimated

To combat such state-level hacking operations, the FBI is working with the U.S. Department of Defense Cyber Crime Center (DC3) and the Japanese National Police Agency (NPA). The report noted that the TraderTraitor group often deceives several employees of a company at the same time, using seemingly legitimate recruitment and assessment processes to induce victims to download malicious programs or open malicious links, and ultimately obtains key back-end information or signing permissions. Officials urge businesses and practitioners to remain highly vigilant, avoid clicking on unfamiliar links or files, and strengthen security education and management for internal employees.

CryptoCity also reminds readers that recently many KOLs (key opinion leaders) have downloaded malicious programs and seen their assets wiped out overnight. Whether you are an exchange employee or not, you should stay vigilant: if you receive private messages from strangers, verify them through multiple channels before acting, to avoid losing your assets.

For practitioners and investors facing the ever-changing crypto world, greater vigilance against such step-by-step attacks is needed. As this case shows, hackers may capture large amounts of assets with nothing more than a "friendly invitation on LinkedIn", posing a greater challenge to risk management in the crypto industry.

This article, "Why was the DMM exchange hacked? Revealing North Korea's hacking techniques: becoming a LinkedIn headhunting expert", was first published on CryptoCity.