How $300M in Bitcoin Stolen in Japan Traced To North Korea’s Hackers

By Sarah Jane

The FBI and Japan’s National Police Agency have linked the North Korean hacker group TraderTraitor to a major attack on Japan’s DMM Bitcoin exchange, in which 4,502.9 Bitcoin (worth $305 million) was stolen.

How Did DMM Bitcoin Lose $305 Million?

On May 31, 2024, hackers stole over 4,500 BTC from DMM Bitcoin’s wallet when a private key linked to it was compromised. The hack, which the company described as an “unauthorized leak,” is one of Japan’s largest crypto hacks, second only to the infamous $530 million Coincheck hack in 2018. In response, the exchange froze withdrawals and limited trading, assuring users that all Bitcoin deposits would be refunded. However, the breach forced the exchange to pause its restructuring efforts and prioritize finding solutions for its customers.

FBI Warns of North Korea’s Cybercrime Network’s Role Behind the Hack

The breach was traced to TraderTraitor, a group linked to North Korea’s cybercrime network, operating under aliases like Jade Sleet, UNC4899, and Slow Pisces. The FBI, along with global partners, is working to address North Korea’s involvement in cybercrime and cryptocurrency theft.

 

An official statement reads:

“The FBI, National Police Agency of Japan, and other U.S. and international partners will continue to expose and combat North Korea’s use of illicit activities—such as cybercrime and cryptocurrency theft—to fund its regime.”

Analyst ZachXBT had previously connected the attack to the Lazarus Group, pointing to similarities in laundering methods and off-chain activities.

How Did Social Engineering Fuel the Cyber Heist?

The operation began when TraderTraitor hackers, posing as LinkedIn recruiters, targeted an employee of Ginco, a Japan-based crypto wallet software firm with links to DMM Bitcoin. The attackers used a malicious Python script disguised as part of a pre-employment test to breach Ginco’s systems.

The unsuspecting employee uploaded the compromised code to their GitHub page, inadvertently granting the hackers access to the company’s unencrypted communications. The attackers then manipulated a legitimate transaction request by a DMM Bitcoin employee, siphoning off over $300 million worth of BTC into TraderTraitor-controlled wallets.

The Fallout From the Hack

The stolen funds represent a significant blow to DMM Bitcoin, which launched in 2018. This setback led to the halt of its Seamoon Protocol project, which focused on Web3 gaming and anime, and the shelving of its stablecoin launch with Progmat. Despite raising $365 million earlier this year, the company couldn’t recover from the loss. By March 2025, the company plans to shut down and transfer all customer assets to SBI VC Trade, a cryptocurrency exchange managed by the SBI Group.

A Growing Trend of Exchange Attacks

The DMM Bitcoin hack is part of a broader rise in attacks on centralized exchanges in 2024. Other major incidents this year include the $235 million breach of India’s WazirX exchange, a $52 million hack on Singapore’s BingX, and a $55 million exploit of Turkey’s BtcTurk. More recently, Seychelles-based XT.com paused withdrawals after a suspected $1.7 million hack.

Conclusion

The DMM Bitcoin attack has shaken Japan’s crypto industry and raised global concerns about state-sponsored cybercriminals. With North Korea’s TraderTraitor group behind the $305 million theft, the attack exploited social engineering tactics to compromise the exchange. The hack has hit Japan’s crypto industry hard, causing the exchange to shut down. As authorities track the stolen funds, stronger security in crypto is urgently needed.

Frequently Asked Questions (FAQs)

What happened in the DMM Bitcoin hack?
Hackers stole 4,500 BTC ($305 million) from DMM Bitcoin after a private key was compromised.

Who is behind the attack?
The attack was linked to TraderTraitor, a North Korean hacker group connected to the regime’s cybercrime network.

What role did social engineering play in the hack?
Hackers used a LinkedIn recruitment scam to target an employee of a partner firm, Ginco, to gain access to unencrypted communications.

How has the FBI responded to the attack?
The FBI, along with international partners, is investigating and working to expose North Korea’s cybercrime network.

What impact does this hack have on Japan’s crypto industry?
The DMM Bitcoin hack has raised concerns about cybersecurity in Japan’s crypto sector and globally.
