🔥 Did North Korean Hackers Sink DMM Exchange with a $308M Heist?

U.S. and Japanese authorities have attributed the May 2024 hack of the DMM crypto exchange to North Korean cybercriminals, who allegedly siphoned $308 million in digital assets. The theft led to the exchange’s bankruptcy and liquidation of remaining assets.  

The attack has been linked to the shadowy hacker collective known by aliases such as TraderTraitor, Jade Sleet, UNC4899, and Slow Pisces. Renowned for its sophisticated cyber operations, the group frequently employs targeted social engineering aimed at specific employees.

Investigators revealed that the hackers used LinkedIn to pose as recruiters. They approached an employee of Ginco, a Japanese partner of DMM, and sent a “test assignment” containing a malicious Python script. Once executed, the script granted them access to session cookie information.

A month later, the hackers intercepted DMM’s transaction protocols to reroute the funds to their wallets, exploiting a critical vulnerability in the platform’s defenses. The breach underscores the persistent risks of social engineering and malware-based exploits faced by the crypto industry.  

North Korea’s hacking operations remain a formidable threat to the sector. According to Chainalysis, the regime’s cyber groups were behind over $1 billion in crypto thefts last year, accounting for more than 50% of all stolen funds across fewer than 47 major incidents.