Cryptonews Bitcoin News

FBI, Japanese Police Find N. Korean TraderTraitor Links in $300M Bitcoin Hack

Crypto Hacks North Korea

In May, DMM Bitcoin exchange lost 4,502.9 Bitcoin, comprising $305 million worth of customer funds.

Author

Sujha Sundararajan

Author

Sujha Sundararajan

About Author

Sujha has been recognised as 🟣 Women In Crypto 2024 🟣 by BeInCrypto for her leadership in crypto journalism.

Author Profile

Last updated:

December 24, 2024

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

The US Federal Bureau of Investigation (FBI) and Japan’s National Police Agency, noted that a North Korean hacking group, TraderTraitor, orchestrated the infamous Japanese exchange DMM Bitcoin hack.

In May, the exchange lost 4,502.9 Bitcoin, comprising 48.2 billion yen ($305 million) worth of customer funds.

Per FBI’s statement, the theft is affiliated with TraderTraitor threat activity, which targets multiple employees of the same company simultaneously.

“The FBI, National Police Agency of Japan, and other U.S. government and international partners will continue to expose and combat North Korea’s use of illicit activities—including cybercrime and cryptocurrency theft—to generate revenue for the regime,” the note read.

TraderTraitor is believed to be affiliated with North Korea’s hacking collective, the Lazarus Group. The investigation was conducted in collaboration with the FBI, and the U.S. Department of Defense Cyber Crime Center.

The TraderTraitor threat activity is also tracked under the North Korean-affiliated threat category Jade Sleet, UNC4899, and Slow Pisces.

The investigations noted that a North Korean threat actor disguised as a LinkedIn recruiter to contact an employee at Japan-based crypto wallet software firm, Ginco. The employee supposedly maintained access to Ginco’s wallet management system.

In the name of pre-employment test, the victim received a malicious Python script on a GitHub page, the FBI added. The victim further copied the code to their GitHub page, leading to the hack.

The TraderTraitor actors initially gained access to the compromised employee’s unencrypted Ginco communications system. Further, they used it to manipulate a legitimate transaction request by a DMM employee. The attack resulted in the loss of $308 million worth Bitcoin at the time of the attack. The stolen funds ultimately moved to TraderTraitor-controlled wallets, the report noted.

Early this month, DMM Bitcoin announced that it is preparing to wind down operations following the loss. The exchange plans to transfer all customer assets to the SBI Group-managed crypto exchange, SBI VC Trade.