In a shocking revelation, the FBI has disclosed that the masterminds behind the biggest crypto heist of 2024 were seasoned cybercriminals working on behalf of the North Korean government. The $308 million in cryptocurrency stolen from the Japanese platform DMM in May was traced back to North Korean hackers known in the cyber world as Lazarus or TraderTraitor.
According to a joint statement released by the FBI, the Defense Department, and the National Police Agency of Japan, the heist was orchestrated by a North Korean cyber actor who gained access to a Japan-based cryptocurrency wallet software firm in late March 2024. This access was then used to breach DMM, leading to the theft of 4,502.9 BTC worth $308 million at the time of the attack.
The agencies further revealed that the stolen funds were channeled into TraderTraitor-controlled wallets. They emphasized their commitment to exposing and combating North Korea’s illicit activities, including cybercrime and cryptocurrency theft, as a means to generate revenue for the regime.
This latest incident adds to a string of high-profile attacks attributed to TraderTraitor in recent years. In 2023, the group was responsible for hacking cryptocurrency companies like Atomic Wallet, Alphapo, and CoinsPaid, resulting in millions of dollars in losses. Additionally, they were behind the $100 million hack of Harmony’s Horizon bridge and the $600 million hack of Sky Mavis’ Ronin Bridge.
TraderTraitor’s tactics involve targeting users associated with cryptocurrency and blockchain-related organizations, as well as vendors used by such firms. Last year, Microsoft issued a warning to GitHub users about a similar campaign where personal accounts of employees of technology firms were being targeted by the group.
Recent data from Chainalysis revealed that hacking groups linked to North Korea’s government had stolen $1.34 billion worth of cryptocurrency in 47 incidents in 2024, marking a significant increase from previous years. The escalating trend of cryptocurrency theft by North Korean hackers saw $660.50 million stolen in 20 attacks in 2023 and over $1.7 billion in 2022.
The impact of the DMM heist was so severe that the company was forced to shut down just two weeks ago. The loss of the stolen cryptocurrency, now valued at over $440 million due to price fluctuations, prompted DMM Bitcoin to take out substantial loans to cover the losses. In June, the company secured a massive loan of 55 billion yen (approximately $367 million) for this purpose.
Following the attack, Japan’s Financial Services Agency conducted an investigation into DMM’s security and risk management systems. The agency identified serious deficiencies in the company’s system and its response to the risk of crypto asset leakage. It emphasized the need for cryptocurrency exchange operators to improve stability and prevent similar breaches in the future.
The Financial Services Agency spokesperson stated that they are continuing to demand answers from DMM regarding the incident, stressing the importance of learning from the case to enhance security measures in the cryptocurrency industry. This incident serves as a stark reminder of the evolving landscape of cyber threats and the critical need for robust cybersecurity measures to safeguard digital assets.