The FBI has attributed the largest cryptocurrency theft of 2024 to TraderTraitor, a North Korean hacking group also known as Lazarus. The $308 million heist targeted Japan’s cryptocurrency platform DMM, revealing the ongoing sophistication of state-sponsored cybercrime.
Details of the Heist
In a joint statement with the U.S. Department of Defense and Japan’s National Police Agency, the FBI disclosed that the attack began in late March 2024, when a North Korean cyber actor compromised a Japan-based cryptocurrency wallet software firm. Using this foothold, the hackers pivoted to DMM and exploited their access in May to manipulate a legitimate transaction request by a DMM employee.
The breach resulted in the theft of 4,502.9 BTC, valued at $308 million at the time of the attack. Due to fluctuations in cryptocurrency prices, the stolen bitcoin is now worth over $440 million.
Fallout for DMM
The severity of the attack forced DMM to announce its closure two weeks ago. The company had to secure massive loans totaling 55 billion yen ($367 million) in June to cover the losses. Japan’s Financial Services Agency (FSA) launched an investigation into the breach and found critical flaws in DMM’s risk management and response systems.
An FSA spokesperson criticized DMM’s initial reporting for failing to analyze the root cause of the breach. The agency emphasized the importance of learning from this incident to bolster stability and security across cryptocurrency exchange operators.
TraderTraitor’s Track Record
TraderTraitor is a notorious state-sponsored hacking group operating on behalf of North Korea’s government. The group has been implicated in several major cryptocurrency heists, including:
- 2023 Attacks
  - $100 million hack of Atomic Wallet (June 2).
  - $60 million theft from Alphapo (June 22).
  - $37 million breach of CoinsPaid (June 22).
- Previous High-Profile Heists
  - $100 million hack of Harmony’s Horizon Bridge.
  - $600 million theft from Sky Mavis’ Ronin Bridge.
Broader Implications
Chainalysis reported that North Korean-affiliated hacking groups stole $1.34 billion worth of cryptocurrency across 47 incidents in 2024, a significant increase from the $660.5 million stolen in 2023. These figures highlight North Korea’s reliance on cybercrime to fund its regime, with cryptocurrency theft being a key revenue source.
Attack Methods
The TraderTraitor group employs advanced social engineering tactics. Microsoft previously warned GitHub users about the group’s impersonation strategies, where hackers posed as developers or recruiters on platforms like GitHub, LinkedIn, Slack, and Telegram to target employees in cryptocurrency and blockchain-related organizations.
These attacks demonstrate the increasing sophistication of North Korean cyber operations and their ability to exploit systemic vulnerabilities in the global cryptocurrency ecosystem.
Moving Forward
Authorities in the U.S. and Japan remain committed to combating North Korea’s use of cybercrime to support its regime. The FBI, alongside international partners, continues to expose and disrupt these illicit activities.
The DMM breach serves as a wake-up call for cryptocurrency operators to strengthen their defenses, improve risk management, and ensure the security of user funds against state-sponsored cyber threats.

