The U.S. Federal Bureau of Investigation (FBI) and Japan’s National Police Agency (NPA) have unveiled details of a $305 million Bitcoin theft from Japan-based crypto exchange DMM, attributed to North Korea-linked hackers. The attack was executed using social engineering techniques and resulted in the theft of 4,502.9 Bitcoin in May.
Social Engineering Tactics of the Hackers
According to the FBI, the attack was carried out by the North Korea-linked TraderTraitor group, known for targeting company employees through social engineering.
In March, a North Korean threat actor posed as a recruiter on LinkedIn and contacted an employee of Ginco, a Japan-based crypto wallet company. The hacker sent the employee a malicious link disguised as a GitHub-based recruitment test. When the employee copied the link to their personal GitHub account, their system was compromised.
In May, the compromised information was used to impersonate Ginco’s communication system. The hackers posed as DMM employees, manipulated a legitimate transaction request, and successfully executed a massive Bitcoin transfer.
The Fate of the Stolen Funds
The FBI reported that the stolen Bitcoin was transferred to wallets under the control of the TraderTraitor group. It was emphasized that the North Korean regime uses such illicit activities to circumvent economic sanctions and generate revenue.
The FBI announced its continued efforts, in collaboration with Japanese authorities and international partners, to expose and counter North Korea’s illegal crypto activities.
The DMM hack stands out as one of the largest crypto heists of 2024 but is just one of many incidents that occurred throughout the year. Stay vigilant against phishing scams!