The $308 million hack of Japanese crypto exchange DMM in May was the work of North Korean hackers, U.S. and Japanese law enforcement agencies said Monday.
The theft of 4,502.9 bitcoins (BTC), which is forcing the exchange to close, was “affiliated” with a group known as TraderTraitor, the FBI said in a statement issued along with the Department of Defense Cyber Crime Center and the National Police Agency of Japan.
Hackers linked to North Korea dominated crypto crimes this year, Chainalysis said in its annual report on the topic. The country, whose official name is the Democratic People’s Republic of Korea (DPRK), is linked to more than half of the stolen crypto value in 2024. Its agents are responsible for the theft of $1.34 billion in 47 incidents, more than double the $660 million (a figure revised downward from an initial estimate) taken last year.
TraderTraitor, also known as Jade Sleet, UNC4899 and Slow Pisces, generally works through targeted social engineering, according to the statement. In this case, malicious code was inserted into a Python script used in a fictitious pre-employment test and sent by an agent posing as a recruiter on LinkedIn to a candidate working at an outside company, the crypto wallet company Ginco.
The victim copied the code to his personal GitHub page, giving TraderTraitor access to the session cookie information that allowed the group to access Ginco’s communications system. Months later, the group likely used the access to intercept a legitimate transaction request from a DMM employee, leading to the theft, the agencies said.