SBI VC Trade has stepped in to acquire the accounts and assets of DMM Bitcoin after the exchange suffered a $320 million hack earlier this year, attributed to the North Korea-linked cybercrime group TraderTraitor. Meanwhile, blockchain gaming leader Animoca Brands faced its own crisis as co-founder Yat Siu’s social media account was compromised to promote a fraudulent token.
Blockchain gaming giant Animoca Brands has confirmed a cyberattack on the social media account of its co-founder and chair, Yat Siu, marking yet another instance in a growing wave of attacks targeting cryptocurrency-focused accounts on X.
On Dec. 26, Animoca Brands issued a statement via X revealing the breach: “Unfortunately [Siu’s] social media account has been compromised. The token launch on Solana as claimed in a post was made by the hacker.” The fraudulent post had promoted a token named Animoca Brands (MOCA), falsely associating it with the company and its affiliated Mocaverse NFT collection.
The fake token was launched on Pump.fun, a Solana-based meme coin platform, and the now-deleted post lured unsuspecting followers to interact with the fraudulent asset.
Renowned blockchain investigator ZachXBT took to X to elaborate on the attack, suggesting that Siu likely fell prey to a phishing email sent by the same malicious actor responsible for a string of similar hacks. This threat actor has reportedly used social engineering techniques to compromise at least 15 cryptocurrency-focused accounts on X in the past month, amassing over $500,000 from unsuspecting victims.
ZachXBT highlighted that the fake MOCA token was deployed by the same address used to launch counterfeit tokens linked to other recent breaches. These scams often use compromised accounts to lend credibility to their fraudulent schemes, making them particularly effective in targeting the cryptocurrency community.
One common method employed by the attacker involves impersonating the X support team to send fake copyright infringement notices. These notices create a sense of urgency, coercing victims into clicking a phishing link that leads them to reset their account passwords and two-factor authentication (2FA) credentials. Once this information is compromised, the attacker gains full access to the victim’s account.
The fake MOCA token experienced a brief surge in value after being shared from Siu’s compromised account. According to blockchain analytics platform Birdeye, the token peaked at a market capitalization of over $36,700 shortly after the post went live. However, this was short-lived, as the token’s value plummeted within seconds, falling to $7,700 and continuing to decline to around $6,200.
Trading activity around the token quickly dried up, leaving victims with valueless tokens. This pattern aligns with other scams perpetrated by the same hacker, where the primary objective appears to be siphoning funds through initial hype and rapid price inflation.
A String of Attacks on Crypto X Accounts
Siu’s account is just the latest in a series of attacks that began in late November. The first known incident occurred on Nov. 26, targeting the X account of Bitcoin infrastructure provider RuneMine. Subsequent attacks followed, including the Dec. 24 compromise of the account for crypto trading video streaming platform Kick.
These breaches have sparked concerns about the vulnerability of high-profile cryptocurrency accounts on X, particularly as the platform remains a critical space for crypto-related announcements and engagements.
The incident brings attention to the persistent threat of phishing attacks in the crypto space, particularly on platforms like X where trust and rapid communication are paramount. Siu’s position as a prominent figure in blockchain gaming and his association with Animoca Brands made his account an attractive target for attackers seeking to exploit the trust of his followers.
Animoca Brands has since warned its community to remain vigilant against phishing attempts and fraudulent schemes. The company emphasized the importance of verifying announcements through official channels and adopting robust security practices.
As phishing tactics grow increasingly sophisticated, experts have stressed the importance of adopting stronger security measures. Recommendations include enabling hardware-based two-factor authentication (2FA), being wary of unsolicited communications, and avoiding clicking on unfamiliar links.
This incident also highlights the need for platforms like X to improve account security, especially for high-profile users in the crypto sector. Enhanced verification processes and better detection of suspicious activities could help mitigate the risks of such attacks.
The hacking of Yat Siu’s account serves as a stark reminder of the vulnerabilities within the cryptocurrency space. For users, the lesson is clear: always double-check the authenticity of announcements and ensure your accounts are safeguarded with the highest levels of security.
The broader crypto community, meanwhile, must remain on high alert as malicious actors continue to target influential figures and organizations. Only through collective vigilance and proactive security measures can the ecosystem defend itself against these persistent threats.
SBI VC Trade to Absorb DMM Bitcoin Following $320 Million Hack
In other cybersecurity news, Japanese cryptocurrency-focused financial firm SBI VC Trade has officially announced its acquisition of the assets and customer accounts of hacked crypto exchange DMM Bitcoin. The transition, set to be completed on March 8, 2025, follows a devastating cyberattack earlier this year that forced DMM Bitcoin to shutter its operations.
In a Dec. 25 statement, SBI VC Trade confirmed its agreement to take over all customer accounts and assets from DMM Bitcoin. The firm assured DMM customers that they would not need to initiate any account setup processes, as SBI will automatically create accounts for all transitioning users.
The saga began on May 30, 2024, when DMM Bitcoin disclosed a security breach in which attackers exploited vulnerabilities in the exchange’s wallet infrastructure. The breach resulted in the theft of 4,500 Bitcoin, worth approximately $320 million at the time.
The stolen funds were moved swiftly by the attackers, leaving DMM Bitcoin in financial turmoil. Despite pledging to reimburse affected customers, the exchange ultimately decided to liquidate its operations and transfer all user accounts to SBI VC Trade.
On Dec. 23, US and Japanese authorities publicly attributed the attack to TraderTraitor, a notorious North Korea-linked cybercrime group. The FBI, Japan’s National Police Agency, and the Department of Defense Cyber Crime Center (DC3) revealed the intricate details of the heist, which spanned months and involved advanced social engineering tactics.
According to the FBI, TraderTraitor began the operation by targeting an employee of Ginco, a Japanese crypto wallet firm responsible for maintaining DMM Bitcoin’s wallet management system. Masquerading as a recruiter on LinkedIn, the attackers approached the Ginco employee with a seemingly legitimate pre-employment test. The test, however, contained a malicious script that the employee unwittingly uploaded to their GitHub page, enabling the attackers to exploit the vulnerability.
Months later, the group leveraged their access to Ginco’s communications to impersonate the compromised employee. Using this stolen identity, TraderTraitor manipulated a transaction request from DMM Bitcoin, enabling them to siphon off the massive Bitcoin haul.
The DMM Bitcoin breach is one of the largest crypto exchange hacks of 2024 and highlights the persistent vulnerabilities within centralized cryptocurrency platforms. Blockchain security firm Hacken reported that losses from such attacks have surged to $694 million in 2024, more than double the figure from 2023.
Notable incidents this year include the DMM Bitcoin hack and the $235 million breach of Indian crypto exchange WazirX. The sharp rise in losses has raised alarms about the need for more robust security measures and decentralized solutions within the crypto industry.
SBI VC Trade’s Role in Recovery
As SBI VC Trade steps in to absorb DMM Bitcoin’s accounts, the firm is positioning itself as a stabilizing force in the wake of the crisis. By ensuring a seamless transition for DMM’s customers, SBI aims to restore trust and minimize the disruption caused by the hack.
SBI’s statement emphasized its commitment to customer protection and operational security. The automatic account creation process is intended to simplify the transition for users, many of whom remain wary of the risks associated with centralized crypto services.
The DMM Bitcoin breach serves as a stark reminder of the critical need for enhanced cybersecurity protocols in the cryptocurrency sector. Experts point to several key takeaways:
-
Social Engineering Vulnerabilities: The attack underscores the dangers of social engineering tactics, which exploit human vulnerabilities rather than technological flaws.
-
Decentralized Alternatives: The growing number of high-profile hacks has intensified calls for the adoption of decentralized finance (DeFi) platforms, which eliminate single points of failure.
-
Collaboration Across Borders: The joint efforts of the FBI, DC3, and Japanese authorities highlight the importance of international cooperation in combating cybercrime.
For DMM Bitcoin’s former customers, the transition to SBI VC Trade represents a fresh start. However, the broader implications of the hack will likely resonate within the crypto industry for years to come. As centralized exchanges remain attractive targets for sophisticated cybercriminals, the pressure to bolster security measures has never been greater.
SBI VC Trade’s takeover of DMM Bitcoin’s operations marks a critical step in restoring stability and confidence within the Japanese crypto market. Yet, the events leading to this point serve as a sobering reminder of the persistent threats facing the cryptocurrency sector.
