Loading Ratings...
Japanese and U.S. authorities have formally attributed the $308 million crypto theft from DMM in May 2024 to North Korean cyber actors.
Author: Sahil Thakur
Written On: Thu, 26 Dec 2024 05:23:56 GMT
Japanese and U.S. authorities have formally attributed the $308 million cryptocurrency theft from DMM Bitcoin in May 2024 to North Korean cyber actors. The U.S. Federal Bureau of Investigation (FBI), Department of Defense Cyber Crime Center, and Japan’s National Police Agency identified the attackers as members of the TraderTraitor group, also known as Jade Sleet, UNC4899, and Slow Pisces.
The theft stemmed from a social engineering campaign targeting multiple employees at the same time, a hallmark of TraderTraitor operations. The group has been active since at least 2020 and is notorious for using job-themed schemes and malicious GitHub projects to infect targets with malware.
In this case, attackers contacted an employee at Ginco, a Japan-based cryptocurrency wallet software company, in March 2024. Posing as recruiters, they sent a URL containing malicious Python code hosted on GitHub as part of a fake pre-employment test. The compromised employee, who had access to Ginco’s wallet management system, unknowingly exposed sensitive credentials.
In mid-May 2024, the threat actors exploited session cookies to impersonate the compromised employee and accessed Ginco’s unencrypted communications system. By late May, they manipulated a legitimate transaction request from a DMM Bitcoin employee, facilitating the theft of 4,502.9 BTC, worth $308 million at the time.
The stolen cryptocurrency was moved to TraderTraitor-controlled wallets. Blockchain intelligence firm Chainalysis revealed the attackers used Bitcoin CoinJoin Mixing Service to launder funds before transferring portions through bridging services. The funds eventually ended up at HuiOne Guarantee, a marketplace tied to Cambodia’s HuiOne Group, previously implicated in cybercrime activities.
DMM Bitcoin, grappling with the fallout of the attack, ceased its operations earlier this month. The breach underscores the persistent threat North Korean groups pose to the cryptocurrency industry.
The AhnLab Security Intelligence Center (ASEC) reported that Andariel, a subgroup of North Korea’s Lazarus Group, is deploying the SmallTiger backdoor in attacks targeting South Korean financial firms. These coordinated efforts highlight North Korea’s aggressive pursuit of cryptocurrency to fund its activities.
Real voices. Real reactions.
Add your reaction to this story:
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.
SEC Approves Conversion of Grayscale’s Large-Cap Crypto Fund into ETF
Do Kwon Gets Another Two Week Extension Ahead Of Trial
Quick Sync Exploited in Targeted Attack, Token Falls By 99% In 7 Days
Figma Allocates $69.5M to Bitcoin ETF in IPO Prospectus
SEC Approves Conversion of Grayscale’s Large-Cap Crypto Fund into ETF
Do Kwon Gets Another Two Week Extension Ahead Of Trial
Quick Sync Exploited in Targeted Attack, Token Falls By 99% In 7 Days
Figma Allocates $69.5M to Bitcoin ETF in IPO Prospectus
