Authorities in Japan and the United States have identified North Korean cyber actors as the culprits behind the theft of $308 million worth of DMM Bitcoin cryptocurrency in May 2024. This cyber theft was officially attributed to the activity of TraderTraitor threat linked to North Korea, which is also recognized under aliases such as Jade Sleet, UNC4899 and Slow Pisces.
TraderTraitor: a persistent threat in the Web3 sector
The hacking group’s activities often involve highly coordinated social engineering efforts simultaneously targeting multiple employees within the same organization, according to statements from the U.S. Federal Bureau of Investigation (FBI), Federal Cybercrime Center Ministry of Defense and the National Police Agency of Japan. This disclosure follows DMM Bitcoin’s decision to cease operations earlier this month as a direct result of the breach.
TraderTraitor is a persistent threat group active since at least 2020. It frequently targets businesses operating in the Web3 industry, often by tricking victims into downloading malware-infected cryptocurrency applications. This approach allows the group to facilitate large-scale theft.
In recent years, the group has carried out various attacks relying on work-related social engineering tactics. These campaigns include reaching potential targets under the guise of recruiting or collaborating on GitHub projects, often resulting in the distribution of malicious NPM packages. One of the group’s most notorious exploits was its unauthorized access to JumpCloud’s systems last year, targeting a select group of downstream customers.
Recent Attack Strategies and DMM Bitcoin Heist
The attack on DMM Bitcoin followed a similar pattern. In March 2024, a TraderTraitor agent posed as a recruiter to approach an employee of Ginco, a cryptocurrency wallet software company based in Japan. The agent shared a malicious Python script hosted on GitHub, disguised as part of a pre-employment test. Unfortunately, the employee, who had access to Ginco’s portfolio management system, inadvertently compromised the company’s security by copying the script to his personal GitHub account.
In mid-May 2024, attackers intensified their efforts by leveraging session cookie information to impersonate the compromised Ginco employee. This allowed them to access Ginco’s unencrypted communications system. In late May 2024, malicious actors manipulated a legitimate transaction request from a DMM Bitcoin employee, ultimately stealing 4,502.9 BTC, worth $308 million at the time. The stolen funds were allocated to wallets under the control of TraderTraitor.
This disclosure aligns with findings from Chainalysis, a blockchain intelligence firm, which also linked the DMM Bitcoin hack to North Korean cybercriminals. According to Chainalysis, attackers exploited infrastructure vulnerabilities to make unauthorized withdrawals.
🚨🇰🇵North Korean hackers hit big in 2024
They doubled their 2023 harvest, stealing $1.3 billion in crypto this year, according to Chainalysis.
Using tactics such as posing as remote IT professionals, they infiltrated companies to fund Pyongyang’s weapons programs and dodge sanctions.
Major… pic.twitter.com/RppswOHaRC
– Mario Nawfal (@MarioNawfal) December 23, 2024
Chainalysis reported that hackers transferred millions of cryptocurrencies to intermediate addresses before using a Bitcoin mixing service CoinJoin. After successfully hiding the funds, the attackers routed part of them through various bridging services. The stolen assets eventually reached HuiOne Garantie, an online marketplace affiliated with the Cambodian HuiOne Group, which has previously been implicated in cybercrime activities.
Meanwhile, the AhnLab Security Intelligence Center (ASEC) recently exposed another North Korean threat group. A subgroup of the Lazarus Group, known as Andariel, deployed the SmallTiger backdoor to target South Korean asset management and document centralization solutions.
This series of revelations highlights North Korea’s growing role in cybercrime, particularly in the cryptocurrency sector, as it continues to exploit sophisticated techniques and vulnerabilities in its infrastructure to finance its operations.
Simplify investments in Meme Coin with Meme Index
Meme Index is a decentralized platform designed to simplify investing in the meme coin market by providing exposure through four unique indices: Titan, Moonshot, MidCap and Frenzy. Each index is designed to accommodate different levels of risk, ranging from stable, well-established meme coins like DOGE and SHIB in the Titan Index to high-risk, high-reward exotic tokens in the Frenzy Index. Investors can use the $MEMEX token to access these indices and participate in governance, ensuring that the platform evolves with market trends and community feedback.
What sets Meme Index apart is its emphasis on diversification and community-driven decision-making. Rather than investing in individual coins, users gain exposure to a basket of tokens, reducing risk while capitalizing on market trends. $MEMEX holders can also stake their tokens to earn high APY rewards, both during the presale and after the token launch. This staking mechanism not only improves returns but also supports the growth of the platform. Through governance privileges, $MEMEX holders can vote on proposals including adding or removing meme coins from indexes, making the platform dynamic and community-centric.
Related news
Newest ICO Coin – Wall Street Pepe
- Audited by Coinsult
- Early Access Presale Cycle
- Private Trading Alpha for the Army $WEPE
- Staking Pool – High Dynamic APY
