FBI Report

A new FBI report reveals that North Korean cyber actors stole $308 million worth of Bitcoin from Japan-based cryptocurrency firm DMM in May 2024.

The attackers are being traced to “TraderTraitor” who initiated the attack by posing as recruiters on LinkedIn. The investigation is being conducted by the Federal Bureau of Investigation (FBI) together with the Japanese National Police Agency and the US Department of Defense.

DMM Bitcoin has already announced that it will go out of business after some of its services were suspended following the massive theft. However, the cryptocurrency industry lost around $1.5 billion to hackers in 2024. That’s down 17% from last year. The $235 million hack of India’s WazirX is one of the biggest hits on the list.

From LinkedIn to $308 Million Heist

According to the report, $308 million worth of Bitcoin was stolen from Ginco, a cryptocurrency wallet company. The TraderTraitor attacker posed as a LinkedIn recruiter and sent a malicious Python script to an employee as part of a “pre-employment test.”

Once the script was executed, the hackers technically gained unauthorized access to Ginco’s systems. By mid-May, they had exploited session cookies to impersonate the compromised employee. This helped them breach Ginco’s communications network.

She added that by late May, TraderTraitor hackers manipulated a transaction requested by a DMM employee. This is how they managed to withdraw 4,502.9 Bitcoin (worth approximately $308 million). The funds were then transferred to wallets controlled by the organization.

Bitcoin price has undergone a major correction recently. BTC price dropped straight to $94,000 from over $100,000. It is now down 12.5% ​​in the last 7 days. Bitcoin is trading at an average price of $94,321, at press time. 24-hour trading volume is up 14% to $57 billion.

FBI and Japan Break Up Scams

Japan’s Financial Services Agency already ordered the exchange to improve its operations in September, citing its risk management structure. No users were reported to have suffered financial damage as the exchange was able to secure 55 billion yen (about $350 million) from a collective company to cover lost assets.

The Federal Bureau of Investigation (FBI), Japan's National Police Agency (NPA), and the Department of Defense's Cybercrime Center are coordinating efforts to counter North Korea's illicit activities, which use cybercrime to fund its regime.

The FBI report noted that such operations are also known as Jade Sleet and Slow Pisces. These activities highlight the risks of targeted social engineering. It noted that in such cases, TraderTraitor often directs simultaneous attacks on multiple employees within organizations.

The cryptocurrency industry suffered $1.49 billion in losses due to hacks and fraud in 2024, down 17% from 2023. Hacks accounted for $1.47 billion, while fraud only accounted for $28 million. The main DMM Bitcoin hack of $305 million and the WazirX hack of $235 million together accounted for 36% of the total losses. The decrease in losses reflects improved security, with successful attacks down 27.5%.