
Hacking of Japanese cryptocurrency exchange DMM pinned on North Korea

North Korean hackers were responsible for the $308 million hack of Japanese cryptocurrency exchange DMM in May, U.S. and Japanese law enforcement agencies said Monday.

The FBI, in a statement issued with the Defense Department’s Cybercrime Center and the Japanese National Police Agency, said the theft of 4,502.9 Bitcoin (BTC), which led to the exchange’s closure, was “linked” to a group known as TraderTraitor.

North Korea-linked hackers dominated cryptocurrency crime this year, Chainalysis said in its annual report on the topic. North Korea, officially the Democratic People’s Republic of Korea (DPRK), is linked to more than half of the value of cryptocurrency stolen in 2024. North Korean agents stole $1.34 billion in 47 incidents, more than double the $660.1 million (a figure revised down from the original estimate) calculated last year.

TraderTraitor, also known as Jade Sleet, UNC4899, and Slow Pisces, typically operates through targeted social engineering, according to the statement. In this case, malicious code was embedded in a Python script used in a fictitious pre-employment test, which agents posing as recruiters on LinkedIn sent to applicants working for an external company, Ginco, a cryptocurrency wallet company.

Victims copied the code to a private GitHub page, giving TraderTraitor access to session cookie information that in turn gave them access to Ginco’s communications systems. Months later, that access was used to intercept legitimate transaction requests from DMM employees, which likely led to the theft, the agency said.
