TechFlow news, on December 24, according to CoinDesk Japan, regarding the theft of 4,502.9 BTC from cryptocurrency exchange DMM Bitcoin in May, the National Police Agency of Japan announced on December 24 that the incident was carried out by Trader Traitor, a subgroup of the North Korea-based hacking group Lazarus Group. The Japanese police stated they will continue cooperating with the U.S. Federal Bureau of Investigation, other U.S. government agencies, and international partners to investigate illegal activities by North Korean hackers, including cybercrimes and crypto asset thefts.
The attack was conducted in multiple stages. According to the National Police Agency, in late March 2024, the criminal group first impersonated corporate recruiters on the business social network LinkedIn, contacting employees of Ginco, a software development company contracted by DMM Bitcoin to manage cryptocurrency trading systems.
Under the guise of a recruitment test, the group sent links to a website containing malicious software. Employees who opened these links had their accounts compromised. Using this breach as a foothold, the group began infiltrating Ginco's internal systems from mid-May onward. They then manipulated DMM Bitcoin’s trading program, causing customers’ assets to be transferred to an address controlled by the attackers.
DMM Bitcoin has decided to shut down its exchange following the fund loss. Assets and customer accounts will be transferred to SBIVC Trade, with the transition scheduled for completion by March 2025.
