FBI, Japanese Police Find N. Korean TraderTraitor Links in $300M Bitcoin Hack

The US Federal Bureau of Investigation (FBI) and Japan’s National Police Agency, noted that a North Korean hacking group, TraderTraitor, orchestrated the infamous Japanese exchange DMM Bitcoin hack.

In May, the exchange lost 4,502.9 Bitcoin, comprising 48.2 billion yen ($305 million) worth of customer funds.

Per FBI’s statement, the theft is affiliated with TraderTraitor threat activity, which targets multiple employees of the same company simultaneously.

“The FBI, National Police Agency of Japan, and other U.S. government and international partners will continue to expose and combat North Korea’s use of illicit activities—including cybercrime and cryptocurrency theft—to generate revenue for the regime,” the note read.

TraderTraitor is believed to be affiliated with North Korea’s hacking collective, the Lazarus Group. The investigation was conducted in collaboration with the FBI, and the U.S. Department of Defense Cyber Crime Center.

TraderTraitor Uses ‘Targeted Social Engineering’ Tactics

The TraderTraitor threat activity is also tracked under the North Korean-affiliated threat category Jade Sleet, UNC4899, and Slow Pisces.

The investigations noted that a North Korean threat actor disguised as a LinkedIn recruiter to contact an employee at Japan-based crypto wallet software firm, Ginco. The employee supposedly maintained access to Ginco’s wallet management system.

In the name of pre-employment test, the victim received a malicious Python script on a GitHub page, the FBI added. The victim further copied the code to their GitHub page, leading to the hack.

The TraderTraitor actors initially gained access to the compromised employee’s unencrypted Ginco communications system. Further, they used it to manipulate a legitimate transaction request by a DMM employee. The attack resulted in the loss of $308 million worth Bitcoin at the time of the attack. The stolen funds ultimately moved to TraderTraitor-controlled wallets, the report noted.

Early this month, DMM Bitcoin announced that it is preparing to wind down operations following the loss. The exchange plans to transfer all customer assets to the SBI Group-managed crypto exchange, SBI VC Trade.