North Korean Hackers’ $308M Crypto Heist: FBI Exposes LinkedIn Job Scam That Fooled Exchange

North Korean Hackers Steal $308M in Major Cryptocurrency Heist

The FBI has confirmed that North Korean hacking group ‘TraderTraitor’ successfully orchestrated a sophisticated cyber attack against Japanese cryptocurrency exchange DMM Bitcoin, resulting in the theft of $308 million worth of cryptocurrency in May 2024.

The attack began in March 2024 when TraderTraitor operatives posed as recruiters on LinkedIn, targeting an employee at Ginco, a Japanese cryptocurrency wallet software company. The hackers sent a fraudulent job proposal that included a pre-employment test on GitHub, containing malicious Python code. Once the victim executed the code, it compromised their system, allowing the hackers to infiltrate Ginco and subsequently breach DMM Bitcoin’s network.

Using stolen session cookie information, the attackers impersonated the compromised employee to access Ginco’s unencrypted communications system. This access enabled them to manipulate a legitimate transaction request from a DMM employee, resulting in the theft of 4,502.9 BTC.

TraderTraitor, also known as Jade Sleet, UNC4899, and Slow Pisces, has been under surveillance by U.S. authorities since 2022, when the group began targeting the blockchain sector with fraudulent applications. The group’s activities align with previous warnings from GitHub about social engineering campaigns targeting blockchain, cryptocurrency, gambling, and cybersecurity developers.

The incident led DMM Bitcoin to temporarily suspend account registrations, cryptocurrency withdrawals, and trading operations during the investigation. Blockchain intelligence firm Chainalysis had previously linked the attack to North Korean threat actors, though specific details were not disclosed.
