North Korean Hackers Steal $308 Million from Japanese Crypto Company via Fake Job Interview

North Korean hackers have stolen $308 million worth of cryptocurrency from the Japanese company Bitcoin.DMM.com, according to reports from the U.S. Federal Bureau of Investigation, the Department of Defense Cyber Crime Center, and Japan’s National Police Agency.

The attack was carried out by the hacker group TraderTraitor, also known as Jade Sleet, UNC4899, and Slow Pisces. The criminals used social engineering techniques, simultaneously targeting several employees of the company.

How the Attack Happened

In late March 2024, a North Korean hacker contacted an employee of the Japanese company Ginco via LinkedIn, posing as a recruiter. Ginco develops software for corporate cryptocurrency wallets.

The attacker sent the employee, who had access to Ginco’s wallet management system, a malicious Python script disguised as a pre-employment test. The script was hosted on GitHub. The victim copied the code to their personal GitHub page, which led to their system being infected.

By mid-May 2024, members of the TraderTraitor group had gained unauthorized access to Ginco’s communication system. The hackers used session cookie data to impersonate the compromised employee, which let them operate within the system under that employee’s identity.

At the end of the same month, the hackers intervened in the processing of a legitimate transaction request from a DMM employee. This allowed the attackers to steal 4,502.9 bitcoins, which were valued at $308 million at the time of the attack. All stolen funds were transferred to cryptocurrency wallets controlled by the TraderTraitor group.

Ongoing Investigation and Service Closure

The FBI, Japan’s National Police Agency, and other government and international partners continue to work on identifying and countering North Korea’s illegal activities, including cybercrimes and cryptocurrency thefts aimed at funding the regime.

In early November 2024, DMM announced the closure of its DMM Bitcoin cryptocurrency service. The company stated that all customer accounts and assets would be transferred to the crypto platform SBI VC Trade, a subsidiary of the financial conglomerate SBI Group. The service is expected to close in March 2025, after the transfer is completed as agreed in November 2024.
