The $308 Million Hack of DMM: North Korean Hackers Identified
North Korean Hackers Linked to TraderTraitor
U.S. and Japanese law enforcement agencies have identified North Korean hackers as responsible for the $308 million hack of Japanese crypto exchange DMM in May. The theft of 4,502.9 bitcoin (BTC) has forced the exchange to close.
TraderTraitor’s Modus Operandi
TraderTraitor, also known as Jade Sleet, UNC4899, and Slow Pisces, is a group of hackers known for their targeted social engineering tactics. In this case, the group inserted malicious code into a Python script used in a fictitious pre-employment test and sent it to a candidate who worked at an outside enterprise, crypto wallet company Ginco.
How the Hack Worked
The victim copied the code to their personal GitHub page, giving TraderTraitor access to session cookie information that allowed them to access Ginco’s communications system. Months later, the hackers probably used the access to intercept a legitimate transaction request by a DMM employee, leading to the theft.
North Korea’s Dominance in Crypto Crime
Hackers linked to North Korea dominated crypto crime this year, according to Chainalysis. The country is tied to more than half of the crypto value stolen in 2024, with operatives responsible for the theft of $1.34 billion across 47 incidents, more than double the $660 million taken last year.
Conclusion
The hack of DMM is a significant example of the growing threat of North Korean hackers in the crypto space. As the crypto market continues to grow, it is essential for exchanges and wallet providers to prioritize security and implement robust measures to prevent such attacks in the future.
FAQs
Q: Who is responsible for the hack of DMM?
A: North Korean hackers linked to TraderTraitor are responsible for the hack of DMM.
Q: How did the hackers gain access to DMM’s system?
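A: Indirectly, through crypto wallet company Ginco. A Ginco employee copied malicious code to their personal GitHub page, giving the hackers session cookie information that let them access Ginco's communications system. Months later, they probably used that access to intercept a legitimate transaction request by a DMM employee.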
Q: How much was stolen in the hack?
A: 4,502.9 bitcoin (BTC) was stolen in the hack, valued at approximately $308 million.
Q: Is this the first time North Korean hackers have been linked to a crypto hack?
A: No. North Korean hackers have been linked to several high-profile crypto hacks in the past. In 2024, operatives tied to the country were responsible for the theft of $1.34 billion across 47 incidents, according to Chainalysis.
Q: What measures can be taken to prevent such attacks in the future?
A: Exchanges and wallet providers can prioritize security, implement robust measures to prevent attacks, and educate users on the importance of cybersecurity in the crypto space.