Authorities in Japan and the United States have identified North Korean cyber actors as the culprits in the theft of $308 million in DMM bitcoin cryptocurrency in May 2024. This cyber heist was officially attributed to TraderTraitor threat activity linked to North Korea, who is also recognized under aliases such as Jade Sleet, UNC4899 and Slow Pisces.
TraderTraitor: a persistent threat in the Web3 sector
The hacking group's activities often involve highly coordinated social engineering efforts targeting multiple employees within the same organization simultaneously, according to statements from the US Federal Bureau of Investigation (FBI).the Department of Defense Cyber Crime Center and the National Police Agency of Japan. This disclosure follows DMM bitcoin's decision to cease operations earlier this month as a direct result of the breach.
TraderTraitor is a persistent threat group that has been active since at least 2020. It frequently targets companies operating in the Web3 sector, often prompting victims to download malware-infected cryptocurrency applications. This approach allows the group to facilitate theft on a significant scale.
In recent years, the group has executed a variety of attacks leveraging work-related social engineering tactics. These campaigns include reaching out to potential targets under the guise of recruiting or collaborating on GitHub projects, often resulting in the distribution of malicious npm packages. One of the group's most notorious exploits was its unauthorized access to JumpCloud's systems last year, targeting a select group of downstream customers.
Recent Attack Strategies and DMM's bitcoin Heist
The attack on DMM bitcoin followed a similar pattern. In March 2024, a TraderTraitor agent posed as a recruiter to approach an employee at Ginco, a Japan-based cryptocurrency wallet software company. The operative shared a malicious Python script hosted on GitHub, disguised as part of a pre-employment test. Unfortunately, the employee, who had access to Ginco's wallet management system, inadvertently compromised the company's security by copying the script to his personal GitHub account.
In mid-May 2024, attackers intensified their efforts by exploiting session cookie information to impersonate the compromised Ginco employee. This allowed them to access Ginco's unencrypted communications system. In late May 2024, threat actors manipulated a legitimate transaction request from a DMM bitcoin employee and ultimately stole 4,502.9 btc, valued at $308 million at the time. The stolen funds were traced to wallets under TraderTraitor's control.
This disclosure aligns with the findings of Chainalysis, a blockchain intelligence company, which also linked the DMM bitcoin hack to North Korean cybercriminals. According to Chainalysis, attackers took advantage of infrastructure vulnerabilities to execute unauthorized withdrawals.
<blockquote class="twitter-tweet” data-width=”550″ data-dnt=”true” wp_automatic_readability=”15.891008174387″>
NORTH KOREA HACKERS ACHIEVED GREAT SUCCESS IN 2024
They doubled their 2023 haul, stealing $1.3 billion in cryptocurrency this year, according to Chainalysis.
Using tactics such as posing as remote IT workers, they infiltrated companies to fund Pyongyang's weapons programs and evade sanctions.
Important… pic.twitter.com/RppswOHaRC
– Mario Nawfal (@MarioNawfal) <a target="_blank" href="https://twitter.com/MarioNawfal/status/1871203545896370670?ref_src=twsrc%5Etfw”>December 23, 2024
Chainalysis reported that hackers transferred millions in cryptocurrency to intermediary addresses before using a bitcoin mixing service CoinJoin. After successfully hiding the funds, the attackers routed portions through various bridging services. The stolen assets eventually made their way to HuiOne Guarantee, an online marketplace affiliated with Cambodia's HuiOne Group, which has previously been implicated in cybercrime activities.
Meanwhile, the AhnLab Security Intelligence Center (ASEC) recently exposed another North Korean threat group. A subgroup of the Lazarus Group, known as Andariel, has been deploying the SmallTiger backdoor to target South Korean asset management and document centralization solutions.
This series of revelations underscores North Korea's growing role in cybercrime, particularly within the cryptocurrency sector, as it continues to exploit sophisticated techniques and infrastructure vulnerabilities to finance its operations.
Simplifying Meme Coin Investments with Meme Index
Meme Index is a decentralized platform designed to simplify investments in the meme coin market by offering exposure through four unique indices: Titan, Moonshot, MidCap and Frenzy. Each index is designed to accommodate different levels of risk, ranging from stable, well-established meme coins like DOGE and SHIB in the Titan index to high-risk, high-reward exotic tokens in the Frenzy index. Investors can use the $MEMEX token to access these indices and participate in governance, ensuring the platform evolves with market trends and community input.
What sets Meme Index apart is its emphasis on diversification and community-driven decision making. Instead of investing in individual meme coins, users gain exposure to a select basket of tokens, reducing risk while capitalizing on market trends. $MEMEX holders can also stake their tokens to earn high APY rewards, both during the pre-sale and after the token launch. This staking mechanism not only improves profitability but also supports the growth of the platform. With governance privileges, $MEMEX holders can vote on proposals, including adding or removing meme coins from indices, making the platform dynamic and community-focused.
Related news
The Newest Meme Coin ICO – Wall Street Pepe
- Audited by Coinsult
- Early Access Pre-Sale Round
- Private Trading Alpha for $WEPE Army
- Betting pool: Highly dynamic APY
<script async src="//platform.twitter.com/widgets.js” charset=”utf-8″>