
North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin

By The Hacker News
December 24, 2024


Dec 24, 2024Ravie LakshmananCybercrime / Malware

Japanese and U.S. authorities have formally attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors.

“The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces,” the agencies said. “TraderTraitor activity is often characterized by targeted social engineering directed at multiple employees of the same company simultaneously.”

The alert comes courtesy of the U.S. Federal Bureau of Investigation, the Department of Defense Cyber Crime Center, and the National Police Agency of Japan. It’s worth noting that DMM Bitcoin shut down its operations earlier this month.

TraderTraitor refers to a North Korea-linked persistent threat activity cluster that has a history of targeting companies in the Web3 sector, luring victims into downloading malware-laced cryptocurrency apps and ultimately facilitating theft. It’s known to be active since at least 2020.


In recent years, the hacking crew has orchestrated a series of attacks that leverage job-themed social engineering campaigns or involve reaching out to prospective targets under the pretext of collaborating on a GitHub project, which then leads to the deployment of malicious npm packages.

The group, however, is perhaps best known for infiltrating and gaining unauthorized access to JumpCloud’s systems to target a small set of downstream customers last year.

The attack chain documented by the FBI is no different in that the threat actors contacted an employee at a Japan-based cryptocurrency wallet software company named Ginco in March 2024, posing as a recruiter and sending them a URL to a malicious Python script hosted on GitHub as part of a supposed pre-employment test.

The victim, who had access to Ginco’s wallet management system, was subsequently compromised after they copied the Python code to their personal GitHub page.

The adversary moved to the next phase of the attack in mid-May 2024, when it exploited session cookie information to impersonate the compromised employee and successfully gained access to Ginco’s unencrypted communications system.

“In late-May 2024, the actors likely used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the loss of 4,502.9 BTC, worth $308 million at the time of the attack,” the agencies said. “The stolen funds ultimately moved to TraderTraitor-controlled wallets.”


The disclosure comes shortly after Chainalysis attributed the hack of DMM Bitcoin to North Korean threat actors, stating the attackers targeted vulnerabilities in infrastructure to make unauthorized withdrawals.

“The attacker moved millions of dollars’ worth of crypto from DMM Bitcoin to several intermediary addresses before eventually reaching a Bitcoin CoinJoin Mixing Service,” the blockchain intelligence firm said.

“After successfully mixing the stolen funds using the Bitcoin CoinJoin Mixing Service, the attackers moved a portion of the funds through a number of bridging services, and finally to HuiOne Guarantee, an online marketplace tied to the Cambodian conglomerate, HuiOne Group, which was previously exposed as a significant player in facilitating cybercrimes.”

The development also comes as the AhnLab Security Intelligence Center (ASEC) revealed that the North Korean threat actor codenamed Andariel, a sub-cluster within the Lazarus Group, is deploying the SmallTiger backdoor as part of attacks targeting South Korean asset management and document centralization solutions.
