Share this article
North Korea Blamed for May's $305M Hack on Japanese Crypto Exchange DMM
Japanese police and U.S. agencies said the attack was "affiliated" with TraderTraitor, which is characterized by social engineering.
Updated Dec 24, 2024, 1:05 p.m. Published Dec 24, 2024, 12:10 p.m.
What to know:
- The theft of more than 4,500 bitcoin from Japanese crypto exchange DMM was perpetrated by hackers linked to North Korea, the FBI, Department of Defense and Japan's police force said.
- The attack targeted an employee at crypto wallet company Ginco, giving the hackers access to its communications system.
- Later, they used that access to intercept a legitimate transaction from a DMM employee, leading to the loss.
The $308 million hack of Japanese crypto exchange DMM in May was the work of North Korean hackers, the U.S. and Japanese law enforcement agencies said Monday.
The theft of 4,502.9 bitcoin , which is forcing the exchange to close, was "affiliated" with a group known as TraderTraitor, the FBI said in a statement with the Department of Defense Cyber Crime Center and National Police Agency of Japan.
STORY CONTINUES BELOW
Hackers linked to North Korea dominated crypto crime this year, Chainalysis said in its annual report on the subject. The country, whose official name is the Democratic People's Republic of Korea (DPRK), is tied to more than half of the crypto value stolen in 2024. Its operatives are responsible for the theft of $1.34 billion across 47 incidents, more than double the $660 million (a figure revised down from an initial estimate) taken last year.
TraderTraitor, also known as Jade Sleet, UNC4899 and Slow Pisces, generally works by targeted social engineering, according to the statement. In this case, malicious code was inserted into a Python script used in a fictitious pre-employment test and sent by an operative posing as a recruiter on LinkedIn to a candidate who worked at an outside enterprise, crypto wallet company Ginco.
The victim copied the code to their personal Github page, giving TraderTraitor access to session cookie information that allowed it access to Ginco's communications system. Months later, it probably used the access to intercept a legitimate transaction request by a DMM employee, leading to the theft, the agencies said.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
CFTC's acting chief Pham poised to go to crypto firm MoonPay once Mike Selig lands
The leader of the derivatives regulator is planning to join the crypto industry as the CFTC and other federal regulators work on policies to benefit the sector.
What to know:
- Commodity Futures Trading Commission Acting Chairman Caroline Pham confirmed again that she's heading to crypto firm MoonPay when the Senate confirms her replacement and he's sworn in.
- President Donald Trump's CFTC chair nominee Mike Selig was set for a Senate vote Wednesday evening, according to that chamber's schedule.
- Selig, currently an SEC official, would arrive at the CFTC just as several of Pham's crypto initiatives have gone live.
Top Stories
