Introduction

A cryptocurrency heist in May 2024 [1] [3] [6], in which approximately $308 million was stolen, has been linked to North Korean hackers. This incident underscores the growing threat of state-sponsored cybercrime targeting digital assets, with North Korean operatives responsible for a substantial portion of cryptocurrency thefts in 2024.

Description

US and Japanese authorities have linked a cryptocurrency heist valued at approximately $308 million (48.2 billion yen) to North Korean hackers affiliated with TraderTraitor, also known as Jade Sleet, UNC4899 [3] [4] [6], and Slow Pisces [3] [4] [6], a branch of the Lazarus hacking group [2]. The theft [1] [2] [3] [4], in which 4,502.9 Bitcoin were taken [1], occurred in May 2024 at DMM Bitcoin Co, a Tokyo-based cryptocurrency exchange [1] [5]. This incident is part of a broader campaign by North Korea to generate revenue through cybercrime [1], with operatives responsible for over half of the cryptocurrency value stolen in 2024 [4], totaling $1.34 billion across 47 incidents [4].

The breach began in late March 2024 when TraderTraitor [3], impersonating a recruiter on social media [4], contacted an employee at Ginco [3] [6], a cryptocurrency wallet software company that partners with DMM. The employee was targeted due to their access to Ginco’s wallet management system [3]. The attacker sent a malicious message containing a computer virus disguised as a job offer, which the employee inadvertently executed, compromising their system and allowing the hackers to harvest sensitive data [6], including session cookie information [3] [4].

By mid-May 2024 [6], the hackers exploited the compromised session cookie to gain access to Ginco’s unencrypted communications system [6]. This access enabled them to intercept and manipulate a legitimate transaction request from a DMM employee, resulting in the theft of Bitcoin [2] [3]. The stolen funds were quickly transferred to wallets controlled by TraderTraitor [1], which is linked to the North Korean government [1]. In August [1], blockchain security firm PeckShield reported that wallets associated with the hackers moved approximately 850 BTC [1], valued at over $54 million [1], to six different addresses within a week [1].
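A detection check for the kind of stolen session cookie reuse described above, added here as an example and not taken from the cited reports or from Ginco's or DMM's systems: it flags a session ID that is presented from a different client, or long after it was issued. The log fields, the 12-hour session lifetime and the sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

MAX_SESSION_AGE = timedelta(hours=12)  # assumed policy value, not from the article

# Constructed sample events: (timestamp, session_id, user, source_ip, user_agent)
SAMPLE_EVENTS = [
    ("2024-03-25T09:00:00", "sess-A", "wallet-admin", "203.0.113.10", "Firefox/124"),
    ("2024-03-25T09:30:00", "sess-A", "wallet-admin", "203.0.113.10", "Firefox/124"),
    ("2024-03-25T10:00:00", "sess-B", "ops-user", "203.0.113.22", "Chrome/123"),
    # Same session ID weeks later, from a different address and client
    ("2024-05-15T02:10:00", "sess-A", "wallet-admin", "198.51.100.7", "curl/8.5"),
]


def find_suspect_session_use(events, max_age=MAX_SESSION_AGE):
    """Return (timestamp, session_id, user, reasons) for each suspicious event."""
    first_seen = {}  # session_id -> (first use time, source IP, user agent)
    findings = []
    # ISO 8601 timestamps in one format sort chronologically as strings
    for ts, sid, user, ip, ua in sorted(events):
        when = datetime.fromisoformat(ts)
        if sid not in first_seen:
            # First use is treated as issuance and becomes the baseline
            first_seen[sid] = (when, ip, ua)
            continue
        issued, ip0, ua0 = first_seen[sid]
        reasons = []
        if when - issued > max_age:
            reasons.append("session older than max age")
        if ip != ip0:
            reasons.append("source IP changed")
        if ua != ua0:
            reasons.append("user agent changed")
        if reasons:
            findings.append((ts, sid, user, reasons))
    return findings


if __name__ == "__main__":
    for ts, sid, user, reasons in find_suspect_session_use(SAMPLE_EVENTS):
        print(ts, sid, user, "; ".join(reasons))
```

The age check is the one that matters even when the client fingerprint is spoofed: enforcing a short server-side session lifetime makes a harvested cookie useless after it expires.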

The FBI [1] [6], Department of Defense Cyber Crime Center (DC3) [6], and the National Police Agency (NPA) of Japan have emphasized that this theft is part of a broader pattern of illicit activities by North Korean cyber actors [6], who are known for engaging in cybercrime to fund the regime [6]. The investigation underscores the need for enhanced global cooperation against such cyber threats [1], particularly as the scale of cryptocurrency theft continues to rise. Efforts are ongoing to trace the stolen funds and hold the perpetrators accountable.

Conclusion

The incident involving the theft of $308 million in cryptocurrency highlights the urgent need for international collaboration to combat state-sponsored cybercrime. As North Korean hackers continue to exploit vulnerabilities in digital asset systems, it is imperative for global authorities to strengthen cybersecurity measures and develop strategies to prevent future breaches. Enhanced cooperation and information sharing among nations will be crucial in tracing stolen funds and ensuring that perpetrators are brought to justice, thereby safeguarding the integrity of the global financial system.

References

[1] https://dailyhodl.com/2024/12/24/fbi-and-other-federal-agencies-identify-hacker-behind-308000000-hack-of-dmm-crypto-exchange/
[2] https://www3.nhk.or.jp/nhkworld/en/news/20241224_04/
[3] https://www.infosecurity-magazine.com/news/us-japan-north-korea-crypto-heist/
[4] https://www.coindesk.com/policy/2024/12/24/north-korea-blamed-for-may-s-usd305m-hack-on-japanese-crypto-exchange-dmm
[5] https://asia.nikkei.com/Spotlight/Society/Crime/North-Korea-hacker-group-identified-in-theft-of-DMM-Bitcoin-assets
[6] https://thecyberexpress.com/cryptocurrency-theft-to-north-korean-hackers/