Japanese Crypto Exchange DMM Hack Pinned to North Korea
The $308 million hack of Japanese crypto exchange DMM in May was the work of North Korean hackers, US and Japanese law enforcement agencies said Monday.
The theft of 4,502.9 bitcoin (BTC), which is forcing the exchange to close, is “affiliated” with a group known as TraderTraitor, the FBI said in a statement along with the Department of Defense Cyber Crime Center and Japan’s National Police Agency.
Hackers linked to North Korea led crypto crime this year, Chainalysis said in its annual report on the topic. The country, whose official name is the Democratic People’s Republic of Korea (DPRK), is tied to more than half the amount of crypto stolen in 2024. Its operatives are responsible for stealing $1.34 billion in 47 incidents, more than double the $660 million (a figure revised from an initial estimate) taken last year.
TraderTraitor, also known as Jade Sleet, UNC4899 and Slow Pisces, generally operates through targeted social engineering, according to the statement. In this case, malicious code was inserted into a Python script used in a fictitious pre-employment test and sent by an operative posing as a recruiter on LinkedIn to a candidate who worked for an outside enterprise, the crypto wallet company Ginco.
The victim copied the code to their personal GitHub page, giving TraderTraitor access to the session cookie information that allowed it to access Ginco’s communication system. Months later, it likely used the access to intercept a legitimate transaction request by a DMM employee, leading to the theft, the agencies said.