According to Deep Tide TechFlow news on December 24, as reported by CoinDesk Japan, regarding the theft of 4,502.9 BTC from the cryptocurrency exchange DMM Bitcoin that occurred in May, the Japanese National Police Agency reported on December 24 that the incident was perpetrated by the Trader Traitor group, which is part of the North Korean hacker organization Lazarus Group. The Japanese National Police Agency stated that they will continue to cooperate with the FBI, other U.S. government agencies, and international partners to investigate the illegal activities of North Korean hackers, including cybercrime and cryptocurrency theft incidents.

According to reports, the attack was conducted in multiple stages. According to the National Police Agency, in late March 2024, the criminal group first posed as company recruiters on the business social network LinkedIn and contacted employees of Ginco, a software development company managing cryptocurrency transactions for DMM Bitcoin.

The gang used a fake recruitment test as a pretext to send a link to a website containing malicious software. Employees who opened these links had their accounts hijacked. Using this vulnerability as a springboard, the gang began invading Ginco's internal systems starting in mid-May using the hijacked accounts. The gang then manipulated DMM Bitcoin's trading program, resulting in the transfer of customer assets to another address controlled by the attacking group.

DMM Bitcoin has decided to close its exchange following capital outflows. Assets and customer accounts will be transferred to SBIVC Trade, with the transition scheduled for completion in March 2025.