FBI, Japanese Police find N. Korean links in $300M Bitcoin Hack

The FBI (US) and Japan’s National Police Agency (JPA) have confirmed that a North Korean hacking collective, TraderTraitor, orchestrated the infamous Japanese Bitcoin hack at DMM.

In May, the exchange reported a loss of 4,502.9 Bitcoin. This represents 48.2 billion yen ($305 million) in customer funds.

According to the FBI’s statement, the theft was associated with TraderTraitor, a threat activity that targets multiple employees from the same firm at once.

“The FBI, National Police Agency of Japan, and other U.S. government and international partners will continue to expose and combat North Korea’s use of illicit activities–including cybercrime and cryptocurrency theft–to generate revenue for the regime,” the note read.

TraderTraitor is believed to be affiliated with the North Korean hacking group Lazarus Group. The investigation took place in collaboration with the FBI and the U.S. Department of Defense Cyber Crime Center.

TraderTraitor Uses ‘Targeted Social Engineering’ Tactics

The TraderTraitor activity is also tracked under the North Korean-affiliated threat names Jade Sleet, UNC4899 and Slow Pisces.

Investigations found that a North Korean threat actor posed as a LinkedIn recruiter and contacted a Ginco employee in Japan. The employee had access to Ginco’s wallet management system, according to the investigation.

According to the FBI, the victim received a malicious Python program on a GitHub webpage, presented as a pre-employment exam. The FBI said that the victim then copied the code onto their GitHub account, which led to the hack.

TraderTraitor first gained access to Ginco’s communications system, which was not encrypted. The TraderTraitor actors also used the system to manipulate a legitimate DMM employee’s transaction request. The attack led to the loss of Bitcoin worth $308,000,000 at the time. The stolen funds ultimately moved to TraderTraitor-controlled wallets, the report noted.

DMM Bitcoin announced earlier this month that it plans to close down operations following the loss. The exchange will transfer all client assets to SBI VC Trade, which is managed by SBI Group.
