The FBI and Japan's National Police Agency confirmed the involvement of the North Korean group TraderTraitor in the May 2024 hack of the DMM Bitcoin exchange.
Confirmation of DMM Bitcoin Hack
The United States Federal Bureau of Investigation and Japan’s National Police Agency have confirmed that the North Korean hacking group TraderTraitor orchestrated the cyber-attack on Japanese exchange DMM Bitcoin. The breach resulted in the theft of over $300 million.
Hacking Methods and Losses
According to the FBI, the group used “targeted social engineering” tactics. A hacker posed as a LinkedIn recruiter and targeted an employee at Ginco, which provides wallet management services to DMM Bitcoin. Under the guise of a pre-employment test, the hacker shared a malicious script via GitHub, which granted access to Ginco’s systems. The attackers then used the employee’s credentials to manipulate a legitimate transaction, resulting in a loss of 48.2 billion yen.
Further Implications and Acquisition
The FBI continues to investigate alongside the US Department of Defense Cyber Crime Center, tracking various aliases used by TraderTraitor. Meanwhile, SBI VC Trade, a division of Japan’s SBI Holdings, announced its acquisition of all customer accounts and assets from DMM Bitcoin; the acquisition is set to be completed by March 2025.
The confirmation of TraderTraitor’s involvement in the DMM Bitcoin attack highlights the threat posed by cybercrime and the need to protect cryptocurrency assets.