The US Federal Bureau of Investigation (FBI) and Japan's National Police Agency noted that a North Korean hacking group, TraderTraitor, orchestrated the hack of the Japanese exchange DMM Bitcoin.
In May, the exchange lost 4,502.9 Bitcoin, amounting to 48.2 billion yen ($305 million) worth of customer funds.
Per the FBI's statement, the theft is affiliated with TraderTraitor threat activity, which targets multiple employees of the same company simultaneously.
“The FBI, National Police Agency of Japan, and other U.S. government and international partners will continue to expose and combat North Korea’s use of illicit activities—including cybercrime and cryptocurrency theft—to generate revenue for the regime,” the note read.
TraderTraitor is believed to be affiliated with North Korea's hacking collective, the Lazarus Group. The investigation was conducted in collaboration with the FBI and the U.S. Department of Defense Cyber Crime Center.
TraderTraitor Uses “Targeted Social Engineering” Tactics
The TraderTraitor threat activity is also tracked under the North Korean-affiliated threat categories Jade Sleet, UNC4899, and Slow Pisces.
The investigations noted that a North Korean threat actor posed as a LinkedIn recruiter to contact an employee at Ginco, a Japan-based crypto wallet software firm. The employee supposedly maintained access to Ginco's wallet management system.
Under the guise of a pre-employment test, the victim received a malicious Python script on a GitHub page, the FBI added. The victim then copied the code to their own GitHub page, leading to the hack.
The TraderTraitor actors initially gained access to the compromised employee's unencrypted Ginco communications system. They then used it to manipulate a legitimate transaction request by a DMM employee. The attack resulted in the loss of $308 million worth of Bitcoin at the time of the attack. The stolen funds ultimately moved to TraderTraitor-controlled wallets, the report noted.
Early this month, DMM Bitcoin announced that it is preparing to wind down operations following the loss. The exchange plans to transfer all customer assets to the SBI Group-managed crypto exchange, SBI VC Trade.