The FBI and Japan’s National Police Agency have linked the North Korean hacker group TraderTraitor to a major attack on Japan’s DMM Bitcoin exchange, in which 4,502.9 Bitcoin (worth $305 million) was stolen.
How Did DMM Bitcoin Lose $305 Million?
On May 31, 2024, hackers stole over 4,500 BTC from DMM Bitcoin’s wallet when a private key linked to it was compromised. The hack, which the company described as an “unauthorized leak,” is one of Japan’s largest crypto hacks, second only to the infamous $530 million Coincheck hack in 2018. In response, the exchange froze withdrawals and limited trading, assuring users that all Bitcoin deposits would be refunded. However, the breach forced the exchange to pause its restructuring efforts and prioritize finding solutions for its customers.
FBI Warns of North Korea’s Cybercrime Network’s Role Behind the Hack
The breach was traced to TraderTraitor, a group linked to North Korea’s cybercrime network, operating under aliases like Jade Sleet, UNC4899, and Slow Pisces. The FBI, along with global partners, is working to address North Korea’s involvement in cybercrime and cryptocurrency theft.
An official statement reads:
“The FBI, National Police Agency of Japan, and other U.S. and international partners will continue to expose and combat North Korea’s use of illicit activities—such as cybercrime and cryptocurrency theft—to fund its regime.”
Analyst ZachXBT had previously connected the attack to the Lazarus Group, pointing to similarities in laundering methods and off-chain activities.
How Did Social Engineering Fuel the Cyber Heist?
The operation began when TraderTraitor hackers, posing as LinkedIn recruiters, targeted an employee of Ginco, a Japan-based crypto wallet software firm with links to DMM Bitcoin. The attackers used a malicious Python script disguised as part of a pre-employment test to breach Ginco’s systems.
The unsuspecting employee uploaded the compromised code to their GitHub page, inadvertently granting the hackers access to the company’s unencrypted communications. The attackers then manipulated a legitimate transaction request by a DMM Bitcoin employee, siphoning off over $300 million worth of BTC into TraderTraitor-controlled wallets.
The Fallout From the Hack
The stolen funds represent a significant blow to DMM Bitcoin, which launched in 2018. This setback led to the halt of its Seamoon Protocol project, which focused on Web3 gaming and anime, and the shelving of its stablecoin launch with Progmat. Despite raising $365 million earlier this year, the company couldn’t recover from the loss. By March 2025, the company plans to shut down and transfer all customer assets to SBI VC Trade, a cryptocurrency exchange managed by the SBI Group.
A Growing Trend of Exchange Attacks
The DMM Bitcoin hack is part of a broader rise in attacks on centralized exchanges in 2024. Other major incidents this year include the $235 million breach of India’s WazirX exchange, a $52 million hack on Singapore’s BingX, and a $55 million exploit of Turkey’s BtcTurk. More recently, Seychelles-based XT.com paused withdrawals after a suspected $1.7 million hack.
Conclusion
The DMM Bitcoin attack has shaken Japan’s crypto industry and raised global concerns about state-sponsored cybercriminals. With North Korea’s TraderTraitor group behind the $305 million theft, the attack exploited social engineering tactics to compromise the exchange. The hack has hit Japan’s crypto industry hard, causing the exchange to shut down. As authorities track the stolen funds, stronger security in crypto is urgently needed.
Frequently Asked Questions (FAQs)
What happened in the DMM Bitcoin hack?
Hackers stole 4,500 BTC ($305 million) from DMM Bitcoin after a private key was compromised.
Who is behind the attack?
The attack was linked to TraderTraitor, a North Korean hacker group connected to the regime’s cybercrime network.
What role did social engineering play in the hack?
Hackers used a LinkedIn recruitment scam to target an employee of a partner firm, Ginco, to gain access to unencrypted communications.
How has the FBI responded to the attack?
The FBI, along with international partners, is investigating and working to expose North Korea’s cybercrime network.
What impact does this hack have on Japan’s crypto industry?
The DMM Bitcoin hack has raised concerns about cybersecurity in Japan’s crypto sector and globally.