North Korean Hackers Orchestrate $308M Bitcoin Heist from Japanese Exchange

In a massive cryptocurrency heist, North Korean hackers successfully stole $308 million worth of Bitcoin from Japanese crypto exchange DMM Bitcoin in May 2024, according to a joint statement from U.S. and Japanese authorities.

The FBI, Department of Defense Cyber Crime Center, and Japan's National Police Agency attributed the theft to a North Korean hacking group known as TraderTraitor. The group orchestrated a sophisticated social engineering attack that began by targeting an employee at Ginco, a Japanese crypto wallet software company.

Posing as a recruiter on LinkedIn, the hackers sent a malicious Python script disguised as a pre-employment test to a Ginco employee in March 2024. After the employee copied the script to their personal GitHub page, the attackers gained access to sensitive session data that allowed them to infiltrate Ginco's communication systems.

The hackers then exploited this access in May to manipulate a legitimate transaction request from a DMM Bitcoin employee, ultimately stealing 4,502.9 Bitcoin valued at $308 million. The stolen funds were traced to wallets controlled by the North Korean group.

"The actors moved millions of dollars worth of crypto through several intermediary addresses before reaching a Bitcoin mixing service," according to blockchain intelligence firm Chainalysis. The funds were later moved through various bridging services and eventually to HuiOne Guarantee, an online marketplace tied to a Cambodian conglomerate.

The massive theft has had severe consequences for DMM Bitcoin, which announced it will cease operations by March 2025. The exchange has already halted withdrawals and spot trading activities, though it plans to transfer remaining customer assets to SBI VC Trade.

This attack adds to a growing list of major cryptocurrency heists attributed to North Korean hackers, who have stolen over $1.3 billion through 47 separate incidents in 2024 alone, according to Chainalysis data.