North Korean Hackers Behind $305M DMM Bitcoin Theft, FBI Confirms
FBI and Japanese Police reveal that the North Korean hacking group TraderTraitor orchestrated the $305M heist.

By Tylt Editorial Team
DMM Bitcoin lost $305M worth of funds in May 2023 due to a massive hack.
Investigations link the attack to North Korea’s TraderTraitor group, part of Lazarus.
The exchange plans to cease operations, transferring assets to SBI VC Trade.
In a coordinated investigation, the U.S. Federal Bureau of Investigation (FBI) and Japan’s National Police Agency have linked the May 2023 hack of the Japanese cryptocurrency exchange DMM Bitcoin to the North Korean hacking group TraderTraitor. The incident saw the loss of 4,502.9 Bitcoin, equivalent to approximately $305 million at the time, marking one of the largest cryptocurrency thefts to date.
According to FBI findings, TraderTraitor is a North Korean-affiliated cybercrime unit that uses advanced social engineering tactics to target multiple employees of a single organization. During the DMM Bitcoin attack, the group targeted an employee at Ginco, a crypto wallet software firm linked to DMM’s operations. Posing as a LinkedIn recruiter, a hacker provided the employee with a malicious Python script under the guise of a pre-employment test. Once the script was uploaded to Ginco’s systems, the attackers gained access to unencrypted communications and manipulated a transaction request to siphon funds into wallets they controlled.
The stolen funds, worth $308 million at the time of the theft, were swiftly transferred into TraderTraitor-controlled accounts. The incident highlights TraderTraitor’s growing reputation for sophisticated infiltration strategies; its activity is also tracked under the names Jade Sleet, UNC4899, and Slow Pisces. The group is also associated with the notorious Lazarus Group, a North Korean collective long implicated in global cybercrimes and cryptocurrency heists.
In response to the breach, DMM Bitcoin has announced plans to cease operations, citing the catastrophic loss of customer funds. The exchange intends to transfer all remaining customer assets to SBI VC Trade, a crypto platform managed by the SBI Group. This move aims to provide some stability and restitution for affected customers.
The FBI’s statement emphasized continued international efforts to combat North Korea’s illicit activities, including cybercrime and cryptocurrency theft, which are key revenue sources for the regime. Conducted in collaboration with Japan’s National Police Agency and the U.S. Department of Defense Cyber Crime Center, the investigation underscores a united front against cyber threats in the financial sector.