Japanese police announced on Tuesday that hackers linked to the North Korean regime were likely behind the $307 million attack on crypto exchange DMM Bitcoin.
North Korean hackers are believed to be behind a multi-million dollar attack on a crypto exchange that cost the platform over $300 million in stolen crypto funds.
In a press release on December 23, the Federal Bureau of Investigation and Japan’s National Police Agency revealed that the hack, which took place in May, was linked to North Korean cyber actors and to the threat group TraderTraitor, also known as Jade Sleet, UNC4899 and Slow Pisces.
According to authorities, the cyberattack began when a North Korean hacker posing as a recruiter on LinkedIn contacted an employee of Ginco, a Japanese company that provides crypto wallet software. The hacker tricked the employee into downloading a malicious Python script disguised as part of a pre-employment test. The employee unknowingly uploaded the script to his personal GitHub page, which allowed the attacker to gain access to sensitive company systems.
By mid-May, the attackers used stolen session cookies to impersonate the compromised employee and infiltrated Ginco’s unencrypted communications system, resulting in the manipulation of a legitimate DMM Bitcoin transaction request. Ultimately, this plan allowed the hackers to steal 4,502.9 Bitcoin (BTC), which was equivalent to $307 million at the time. The stolen cryptocurrency was later transferred to wallets controlled by the TraderTraitor group, the FBI said.
As crypto.news previously reported, the United…