North Korean hackers revealed as perpetrators behind DMM exchange hack

North Korean hackers have been identified as the culprits behind the $308 million hack of the Japanese cryptocurrency exchange DMM in May. This revelation came in a joint statement by law enforcement agencies from the United States and Japan.
According to CoinDesk, the attack targeted DMM, resulting in the theft of 4,502.9 BTC, forcing the exchange to shut down. Authorities stated that the hack was linked to a group known as TraderTraitor.
TraderTraitor, also referred to as Jade Sleet, UNC4899, or Slow Pisces, primarily employs social engineering techniques for its hacks. In this case, malicious code was embedded in a Python script used in a fake pre-employment test. The script was sent to candidates by someone posing as a recruiter on LinkedIn and specifically targeted an employee of Ginco, a company specializing in cryptocurrency wallets.
The victim uploaded the script to their personal GitHub page, inadvertently granting TraderTraitor access to session cookie data. This access allowed the hackers to infiltrate Ginco's communication system. Months later, they likely used this access to intercept a transaction request made by a DMM employee, leading to the theft.
A criminal hotspot
In its annual report, Chainalysis highlighted that North Korean hackers were responsible for the majority of cryptocurrency-related crimes in 2024.
Hackers from the Democratic People's Republic of Korea (DPRK) accounted for over half of the stolen crypto funds for the year, amounting to $1.34 billion—double the $660 million stolen in 2023.
Following the hack, the DMM Bitcoin exchange was unable to recover and ultimately shut down.