In a shocking revelation, the US Federal Bureau of Investigation and other law enforcement agencies (FBI) have disclosed the masterminds of the hack on DMM exchange. In a Tuesday post, the security agency gave a thorough explanation of how the malicious hacks exploited the exchange and stole over $300 million last May.
Giving a rundown on the hack, the FBI alongside the Department of Defense Cyber Crime Center (DC3) and the National Police Agency of Japan (NPA) said 4,502.9 Bitcoin equivalent to $300 million at the time of the hack was stolen. The report linked the attack to the popular North Korean group TraderTraitor. The group was said to have used several tactics, including targeted social engineering at company employees.
According to FBI, a North Korean threat actor disguised as a recruiter on LinkedIn in March. The attacker however contacted one of the employees at the Japan-based crypto wallet provider Ginco. Based on the report, the threat actor relayed malicious link to the employee, who had access to Ginco’s wallet management system.
The employee thought the link was a pre-employment test on a GitHub page. So he allegedly relayed the link on their personal GitHub, causing a compromise. The attacker eventually leveraged the information gained to impersonate the employee and access Gianco’s communication system.
$300 million stolen funds moved to a wallet owned by TraderTraiter – FBI
FBI said the hackers exploited the access to manipulate a legitimate transaction request from a DMM employee. With that, over $300 million in Bitcoin was stolen and move to a wallet controlled by the TraderTraiter group.
The DMM hack remains one of the biggest industry attacks of 2024, underscoring the rising security challenges in the crypto industry. In a recent report, Chainalysis, a blockchain analytics platform reported more than 300 hacks in 2024 alone. This led to the loss of assets worth over $2.2 billion.
However, FBI says it will continue to expose the illicit activities of malicious attackers in the industry. To achieve this, the agency expressed readiness to partner with other security agencies and relevant stakeholders.
Read More: