North Korean hackers are the alleged culprits behind the theft of $308 million worth of cryptocurrency from the Japanese cryptocurrency exchange DMM Bitcoin last May, according to US and Japanese law enforcement agencies.
According to these agencies, the heist was orchestrated by the notorious TraderTraitor threat group, which also goes by other names, such as Jade Sleet, UNC4899, and Slow Pisces. This North Korean hacking group's operations commonly rely on social engineering and are designed to target numerous employees of the same organisation simultaneously.
The advisory about the incident came from several federal law enforcement agencies in the United States together with Japan's national police agency. DMM Bitcoin suspended operations earlier this month following the attack.
The alleged attackers of DMM Bitcoin typically target Web3 firms.
Investigations revealed that TraderTraitor, the alleged DMM Bitcoin attacker, is a North Korea-linked advanced persistent threat group responsible for multiple cybercriminal campaigns targeting Web3 companies.
Over the past few years, the group has executed numerous cyberattacks using job-themed social engineering lures, or by approaching potential targets with invitations to collaborate on GitHub projects, which leads to the distribution of malicious npm packages.
The gang is most notorious for gaining unauthorised access to JumpCloud's systems in 2023 in order to target a small number of that company's downstream customers.
The attack chain documented by the FBI is similar: in March 2024, the threat actors contacted an employee at Ginco, a Japan-based cryptocurrency wallet software company, posing as a recruiter and sending them a URL to a malicious Python script hosted on GitHub as part of a supposed pre-employment test.
The victim, who had access to Ginco's wallet management system, was compromised after copying the Python code to their personal GitHub page.
In mid-May 2024, the adversary advanced to the next stage of the attack, using stolen session cookie information to impersonate the compromised employee and gain access to Ginco's unencrypted communications system.
The disclosure comes shortly after a separate investigation attributed the DMM Bitcoin hack to North Korean threat actors, claiming that the attackers exploited infrastructure flaws to make unauthorised withdrawal transactions.
