North Korean Hackers Steal $308M in Sophisticated Crypto Heist from Japanese Firm


A sophisticated cryptocurrency heist targeting a Japanese firm has been attributed to North Korean hackers, according to a joint announcement by US and Japanese authorities. The theft, valued at $308 million, occurred in May 2024 and targeted DMM, a Japan-based cryptocurrency company.

The FBI, Department of Defense Cyber Crime Center, and Japan's National Police Agency identified the North Korean threat group "TraderTraitor" (also known as Jade Sleet) as the perpetrators behind the attack.

Investigators revealed that the hackers executed an elaborate social engineering scheme, beginning in March 2024. The attackers posed as recruiters on LinkedIn to target an employee at Ginco, a Japanese cryptocurrency wallet software company. The employee, who had access to Ginco's wallet management system, was tricked into copying malicious code from a fake pre-employment test hosted on GitHub.

After compromising the employee's credentials, the hackers gained access to Ginco's unencrypted communications system by exploiting session cookie information. They then manipulated a legitimate transaction request from a DMM employee, resulting in the theft of 4,502.9 Bitcoin, valued at $308 million at the time.

According to blockchain analytics firm Chainalysis, North Korean-affiliated hackers were responsible for stealing $1.34 billion in cryptocurrency across 47 separate incidents during 2024, representing 61% of all crypto theft that year. These attacks are believed to generate revenue for the Pyongyang regime.

US and Japanese authorities have pledged to continue working together to combat North Korea's illicit cyber activities and cryptocurrency theft operations.