The biggest crypto heist of 2024 was carried out by seasoned cybercriminals working on behalf of the North Korean government, according to the FBI.
On Tuesday, the agency joined forces with the Defense Ministry and the National Police Agency of Japan to explain that $308 million in cryptocurrency stolen from the Japanese platform DMM in May had been attributed to North Korean hackers known by many researchers as Lazarus or TraderTraitor.
In late March 2024, a North Korean cyber actor successfully compromised a Japan-based cryptocurrency wallet software company and then used this access to speak to officials at DMM, the United States and Japan said.
“In late May 2024, the actors likely used this access to manipulate a legitimate transaction request from a DMM employee, resulting in the loss of 4,502.9 BTC, worth $308 million at the time of the attack,” the agencies added.
“The stolen funds were ultimately transferred to wallets controlled by TraderTraitor. The FBI, Japan National Police, and other U.S. government and international partners will continue to expose and combat North Korea’s use of illicit activities, including cybercrime and cryptocurrency theft, to generate revenue for the regime.”
The FBI previously said TraderTraitor was behind three headline-making incidents in 2023 involving cryptocurrency companies: a $100 million hack of Atomic Wallet on June 2, as well as two attacks on June 22 in which cybercriminals stole $60 million from cryptocurrency company Alphapo and $37 million from CoinsPaid.
The agency also attributed the $100 million hack of Harmony’s Horizon Bridge and the $600 million hack of Sky Mavis’ Ronin Bridge to the same North Korean hackers.
Last year, Microsoft warned GitHub users of a nearly identical TraderTraitor campaign, targeting the personal accounts of employees of tech companies. The GitHub alert states that the group “primarily targets users associated with cryptocurrencies and other blockchain-related organizations, but also targets vendors used by these companies.”
GitHub explained at the time that the attack chain began with hackers posing as a developer or recruiter by creating a fake personal account on GitHub and other social media platforms like LinkedIn, Slack and Telegram.
Last week, Chainalysis said hacking groups linked to the North Korean government stole $1.34 billion worth of cryptocurrency in 47 incidents in 2024.
These figures represent a significant increase over 2023, when $660.50 million was stolen in 20 attacks, according to the research firm. More than $1.7 billion was stolen by North Korea in 2022.
The attack on DMM was the biggest theft of the year according to blockchain analysts. The incident was so serious that it led the company to announce its closure just two weeks ago.
Due to price fluctuations, the cryptocurrency stolen from DMM is now worth more than $440 million. Following the attack, DMM Bitcoin was forced to take out massive loans to cover the lost bitcoin. In June, the company obtained 55 billion yen in loans – approximately $367 million.
Officials from the Japan Financial Services Agency intervened and conducted an investigation. They said in September that “serious issues were discovered in the company’s system risk management system and its response to the risk of crypto asset leaks.”
A spokesperson for the Financial Services Agency told Recorded Future News it was still pressing DMM for answers about the incident, writing that the company’s initial report on what happened “did not clearly state the specific facts” and did not involve a “root cause” analysis of the leak.
They noted that they want the DMM situation to be an example for the future that “increases stability among other cryptocurrency exchange operators and prevents similar cases from occurring.”