Japanese police revealed Tuesday that hackers affiliated with the North Korean regime are likely behind the $307 million attack on crypto exchange DMM Bitcoin.
North Korean hackers are said to be behind a multi-million attack on a crypto exchange, which cost the platform over $300 million worth of crypto in stolen funds.
In a Dec. 23 press release, the Federal Bureau of Investigation alongside Japan’s National Police Agency revealed that the hack, which occurred in May, is linked to North Korean cyber actors and is associated with the threat group known as TraderTraitor, also referred to as Jade Sleet, UNC4899, and Slow Pisces.
According to authorities, the cyber attack began when a North Korean hacker, pretending to be a recruiter on LinkedIn, contacted an employee at Ginco, a Japanese company that provides crypto wallet software. The hacker tricked the employee into downloading a malicious Python script, which was disguised as part of a pre-employment test. The employee unknowingly uploaded the script to their personal GitHub page, allowing the attacker to gain access to sensitive company systems.
By mid-May, the attackers used stolen session cookies to impersonate the compromised employee and infiltrated Ginco’s unencrypted communications system, leading to a manipulation of a legitimate transaction request from DMM Bitcoin. Eventually, this scheme allowed the hackers to steal 4,502.9 (BTC), equivalent to $307 million at the time. The stolen cryptocurrency was later transferred to wallets controlled by the TraderTraitor group, the FBI said.
As crypto.news reported earlier, the United States and South Korea have teamed up to create new mechanisms to prevent crypto thefts linked to North Korea. The two countries have reportedly signed an agreement to jointly create technologies to stop crypto thefts. While details remain unclear, South Korea’s science ministry will also support the initiative through 2026.
Source: https://crypto.news/north-korean-hackers-likely-behind-dmm-bitcoins-307m-attack/