FlagThis

The North Korean hacking group known as TraderTraitor, also identified as Jade Sleet, UNC4899, and Slow Pisces, has been linked to the theft of $308 million in cryptocurrency from the Japanese exchange DMM Bitcoin in May. This group, a cryptocurrency-focused element within North Korea's Reconnaissance General Bureau, primarily targets blockchain-related companies. Authorities, including the FBI, the Department of Defense Cyber Crime Center, and the National Police Agency of Japan, confirmed the group's involvement, highlighting TraderTraitor's use of targeted social engineering techniques to infiltrate their victims. The group's known methods also include supply chain attacks and malware deployment.

The FBI outlined the attack chain, which began in March when TraderTraitor members posed as recruiters and contacted an employee at a cryptocurrency wallet software company named Ginco. This led to the deployment of a malicious python script. By exploiting the compromised employee's access, the hackers manipulated a legitimate DMM transaction request, resulting in the theft of 4,502.9 Bitcoin, valued at $308 million at the time. The stolen funds were then moved to TraderTraitor-controlled wallets. This incident led DMM Bitcoin to restrict its services following the hack, until the completion of investigations.

ImgSrc: blogger.googleusercontent.com

References:

• The Hacker News - The Hacker News reports on North Korean hackers stealing $308M in Bitcoin from DMM Bitcoin. - 2d
• www.bleepingcomputer.com - The North Korean hacker group 'TraderTraitor' stole $308 million worth of cryptocurrency in the attack on the Japanese exchange DMM Bitcoin in May. - 2d
• www.coindesk.com - US and Japanese law enforcement say North Korean hackers were responsible for stealing 4,502.9 bitcoin, worth $308M, from Japanese exchange DMM in May 2024 (Sheldon Reback/CoinDesk) - 2d
• @BleepingComputer - The North Korean hacker group 'TraderTraitor' stole $308 million worth of cryptocurrency in the attack on the Japanese exchange DMM Bitcoin in May. - 2d
• @screaminggoat - FBI : This is not much of a cybersecurity advisory: The Federal Bureau of Investigation, Department of Defense Cyber Crime Center (DC3), and National Police Agency of Japan linked the theft of cryptoc - 2d
• COINOTAG NEWS - Coinotag reports about the 48.2 Billion Yen Bitcoin theft linked to North Korea. - 2d
• ciso2ciso.com - US and Japan Blame North Korea for $308m Crypto Heist - 2d
• www.techmeme.com - US and Japanese law enforcement say North Korean hackers were responsible for stealing 4,502.9 bitcoin, worth $308M, from Japanese exchange DMM in May 2024 (Sheldon Reback/CoinDesk) - 2d
• securityonline.info - North Korean Cyber Actors TraderTraitor Steal $308 Million in Cryptocurrency: DMM Breach Unveiled - 2d
• Techmeme - US and Japanese law enforcement say North Korean hackers were responsible for stealing 4,502.9 bitcoin, worth $308M, from Japanese exchange DMM in May 2024 (Sheldon Reback/CoinDesk) - 2d
• @Techmeme - US and Japanese law enforcement say North Korean hackers were responsible for stealing 4,502.9 bitcoin, worth $308M, from Japanese exchange DMM in May 2024 (Sheldon Reback/CoinDesk) - 2d
• ciso2ciso.com - FBI Blames North Korea for $308M Cryptocurrency Hack as Losses Surge in 2024 - 2d
• Security Archives - DMM Bitcoin $308M Bitcoin heist linked to North Korea - 1d
• osint10x.com - North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin - 1d
• Cybersecurity News - North Korean Cyber Actors TraderTraitor Steal $308 Million in Cryptocurrency: DMM Breach Unveiled - 1d
• CISO2CISO.COM - DMM Bitcoin $308M Bitcoin heist linked to North Korea – Source: securityaffairs.com - 15h
• SCM feed for Threat Management - Suspected Lazarus subgroup behind DMM crypto heist - 15h

Classification:

• HashTags: CryptoHeist NorthKoreanHackers TraderTraitor
• Company: DMM Bitcoin
• Target: DMM Bitcoin
• Attacker: TraderTraitor
• Product: Bitcoin
• Feature: cryptocurrency theft
• Type: Hack
• Severity: Major