The Federal Bureau of Investigation (FBI) has confirmed that North Korean hackers stole $308 million worth of Bitcoin from Japanese cryptocurrency exchange DMM Bitcoin in May 2024, marking one of the largest cryptocurrency thefts of the year.
According to a joint announcement by the FBI, Japan's National Police Agency, and the Department of Defense Cyber Crime Center, the attack was carried out by a North Korean hacking group known as "TraderTraitor," which successfully stole 4,502.9 Bitcoin.
The sophisticated cyber attack began in March when hackers posed as recruiters and targeted an employee at Ginco, a cryptocurrency wallet software company partnered with DMM. The attackers sent the employee a malicious Python script disguised as a pre-employment test hosted on GitHub. After the employee copied the code to their personal GitHub page, the hackers gained access to Ginco's systems.
By mid-May, the attackers exploited this access to infiltrate DMM's communications system by impersonating the compromised Ginco employee. They then intercepted and modified a legitimate transaction request from DMM, redirecting the funds to wallets under their control.
"The stolen funds ultimately moved to TraderTraitor-controlled wallets," stated the investigating agencies in their report. The group, also known as Jade Sleet and UNC4899, has been actively targeting companies in the cryptocurrency sector since 2020.
The incident led DMM Bitcoin to shut down its operations earlier this month. According to blockchain security experts, the hackers have already begun moving portions of the stolen Bitcoin through mixing services in an attempt to obscure the funds' origin.
This attack appears to be part of North Korea's broader campaign of cryptocurrency theft to generate revenue and evade international sanctions. Law enforcement officials emphasize that this case demonstrates the growing threat of state-sponsored cybercrime in the digital asset space.
The investigation remains ongoing as authorities work to trace the stolen funds and prevent further attacks. The case has prompted calls for enhanced cybersecurity measures across the cryptocurrency industry and greater international cooperation in combating cyber threats.