The FBI, Japan’s National Police Agency, and the US Department of Defense’s Cyber Crime Center confirmed that hackers linked to North Korea were responsible for breaching the security and stealing $305 million from the Japanese DMM Bitcoin exchange in May 2024. The attack has been attributed to the TraderTraitor group. The hackers targeted an employee of the Ginco digital currency wallet software company through sophisticated social engineering. By impersonating a recruiter on the LinkedIn website, they sent a malicious Python script as a pre-employment test. This led to the hacker gaining access to Ginco’s unencrypted communication system. Ultimately, the attacker was able to manipulate a legitimate transaction request from the exchange’s employee, stealing 4,502 bitcoins worth $305 million. Since then, DMM Bitcoin has halted withdrawals and cash transactions.
