FBI Exposes $305M Crypto Theft by North Korean Hackers from Japanese Exchange
US and Japanese authorities uncover sophisticated crypto heist
The U.S. Federal Bureau of Investigation (FBI) and Japan’s National Police Agency (NPA) have detailed a massive hack that resulted in the theft of 4,502.9 Bitcoin—valued at $305 million—from the Japanese cryptocurrency exchange DMM in May. The heist has been linked to TraderTraitor, a North Korea-affiliated hacker group.
The FBI revealed that the attack began in March when a North Korean hacker posed as a recruiter on LinkedIn and targeted an employee at Ginco, a crypto wallet company managing DMM’s assets. Posing as part of a job opportunity, the hacker sent the employee a malicious GitHub link disguised as a pre-employment test. When the employee interacted with the link, the hackers gained access to sensitive systems.
By May, the TraderTraitor group used the stolen information to impersonate the Ginco employee and infiltrate internal communication systems. They exploited this access to manipulate a legitimate transaction request from a DMM employee, ultimately transferring over $300 million in Bitcoin to wallets under their control.
Authorities emphasized that North Korea’s hacking groups leverage these illicit activities to fund their regime. The FBI, NPA, and international partners continue their efforts to uncover and prevent such operations.
DMM’s breach was one of the largest in 2024, but far from the only one. According to Chainalysis, the crypto sector experienced 303 incidents this year, with total losses reaching $2.2 billion. Notably, the centralized finance sector suffered a staggering 1,000% rise in attacks, according to cybersecurity firm Cyvers.
The alarming rise in cybercrimes underscores the urgent need for stronger security measures across the crypto industry.