FBI confirms North Korea’s TraderTraitor group stole $308M in Bitcoin from DMM Bitcoin


The FBI has linked the major DMM Bitcoin hack to North Korea’s TraderTraitor hacking group, thought to be connected to the infamous Lazarus Group. A cyberattack in May led to the theft of 4,502 Bitcoin, worth about $308 million, causing the Japanese crypto exchange to collapse and close down.

The attack started with social engineering aimed at Ginco, a Japanese cryptocurrency wallet provider. Hackers posed as recruiters on LinkedIn and sent malicious links disguised as job tests.

An employee at Ginco accidentally clicked a link, which allowed the hackers to access their GitHub account. The attackers used this access to impersonate the employee in internal messages, which resulted in a legitimate transaction request from a DMM Bitcoin employee being altered.

DMM Bitcoin tried to get back the stolen money and help users who were affected, but the financial impact was too great. As a result, the exchange will close for good and move customer accounts to SBI VC Trade by March 2025. This event is one of the biggest cryptocurrency thefts in Japan, following the 2018 Coincheck hack.

North Korean cybercriminals are becoming a bigger threat in the cryptocurrency world, having stolen $1.34 billion in crypto assets in 2024. After the hack, the stolen money was found to be connected to Huione Guarantee in Cambodia, known for many scams. Cambodia has blocked access to some cryptocurrency exchanges.

Security expert Taylor Monahan from MetaMask highlighted the ongoing risks from groups like Lazarus, stressing the importance of increased awareness and security in the cryptocurrency industry to tackle these changing threats.
