The FBI confirmed that the North Korean hacker group TraderTraitor stole 4,502.9 Bitcoin (equivalent to 300 million USD) from the Japanese cryptocurrency exchange DMM through a sophisticated attack.
A serious cyber attack targeting the Japanese cryptocurrency exchange DMM in May 2024 was uncovered by the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Police Agency of Japan (NPA) on December 23.
According to published information, the hacker group TraderTraitor, believed to be linked to North Korea, stole 4,502.9 Bitcoin, worth approximately 300 million USD at the time of the incident.
Source: FBI
The incident began in March 2024 when a hacker from the TraderTraitor group approached an employee of the Japanese cryptocurrency wallet company Ginco through LinkedIn, posing as a recruiter. Using sophisticated tactics, this hacker sent a malicious link disguised as a recruitment test on GitHub. The Ginco employee, believing the link to be legitimate, accidentally copied the code into their personal GitHub account, allowing the hacker to infiltrate.
By May 2024, the TraderTraitor group had used the stolen information to access Ginco's internal communication system. The FBI stated that the hacker group manipulated a valid transaction request from a DMM employee, resulting in the transfer of over 300 million USD in Bitcoin to wallets they controlled. This attack was carried out by exploiting illegal access to Ginco's system after successfully infiltrating the employee's account.
Impact on cybersecurity in the cryptocurrency sector
The attack on DMM is not an isolated case. According to Chainalysis, as of December 19, 2024, there have been 303 cybersecurity incidents in the cryptocurrency sector, resulting in total damages of up to 2.2 billion USD.
The cybersecurity company Web3, Cyvers, also reported a significant increase in attacks targeting centralized finance (CeFi), with the number of incidents rising by 1,000% compared to the same period last year. This reflects the increasing danger and sophistication of cyberattacks in the cryptocurrency industry.
The FBI confirmed it will continue to cooperate with the NPA and international partners to investigate and prevent cybercrime activities, particularly those aimed at generating financial resources for the North Korean government.
