Meet the Top 101 in Crypto
News
3 min read

FBI Links North Korean Hackers to Largest Crypto Hack of 2024

Published 24 December 2024
Prashant Jha
Authors
Edited by Insha Zia

Key Takeaways

  • The FBI has linked the $308 million hack of Japanese crypto exchange DMM to North Korean hackers.
  • Hackers used social engineering techniques to access DMM’s custody wallet.
  • North Korean hacking groups accounted for 61% of total crypto stolen in 2024.

In May 2024, Japanese cryptocurrency exchange DMM Bitcoin Co. suffered a staggering loss of 48 billion yen (approximately $308 million) in what has now been confirmed as the largest crypto exploit of the year.

According to the FBI, the attack was orchestrated by North Korean hackers, who are notorious for such high-profile breaches.

Utilizing sophisticated social engineering tactics, the group exploited human vulnerabilities to bypass security protocols, a hallmark of their recent operations.

Social Engineering: A Tactical Edge in the DMM Hack

The FBI’s investigation revealed that North Korean hackers posed as recruiters on LinkedIn, targeting a Ginco employee with access to wallet management systems.

After initiating contact in March 2024, the hackers sent the employee a malicious Python script disguised as a pre-employment test.

Unwittingly, the victim uploaded the script to their personal GitHub page, compromising their system and exposing Ginco’s unencrypted communication channels.

This breach enabled the hackers to intercept and manipulate a legitimate transaction request in May, resulting in the theft of 4,502.9 BTC, valued at $308 million at the time.

The FBI noted that this attack aligns with a pattern of “TraderTraitor” threat activity, also tracked under aliases like Jade Sleet and UNC4899.

North Korea Hackers: Crypto’s Persistent Nemesis

North Korean hackers have become synonymous with large-scale crypto theft.

Recent on-chain analyses revealed that DPRK-linked wallets have been active on multiple platforms, raising concerns about ongoing and future exploits.

One key area of focus is Hyperliquid, a decentralized leverage trading platform.

Analysts observed that North Korean-linked wallets lost $700,000 in leveraged trades over the past few months, leading to speculation that the group is probing for vulnerabilities.

Hyperliquid’s USDC bridge, guarded by just four validators overseeing $22 billion in assets, is particularly at risk. Experts warn that compromising three validators could enable the theft of at least $2.3 billion.

Meanwhile, DPRK wallets have also been linked to suspicious activity on MetaMask, a widely used decentralized wallet platform.

Alleged hackers reportedly moved $200,000 through MetaMask and profited $1,985 in swap fees, a possible prelude to more significant exploits. “DPRK doesn’t trade. DPRK tests,” one crypto analyst cautioned.

A Year of Unprecedented Losses

In 2024, North Korean hacking groups were responsible for 61% of all stolen cryptocurrency, totaling $1.3 billion in illicit gains.

The Lazarus Group alone accounted for 20% of all known hacking incidents, shifting their focus from decentralized platforms to centralized exchanges with larger asset pools.

Following the DMM attack, India-based exchange WazirX suffered a $234 million breach in June, further highlighting this trend.

Both cases illustrate how the group has refined its tactics, leveraging social engineering as a powerful tool to bypass even the most advanced security measures.

As the year draws to a close, the crypto industry faces mounting pressure to bolster defenses and preempt emerging threats.

Prashant Jha

Prashant Jha is a seasoned crypto journalist based in Delhi, India, with a Bachelor’s Degree in Computer Science Engineering. Passionate about the evolving world of blockchain and cryptocurrencies, he has been a dedicated voice in the industry since 2018. Prashant’s expertise lies in regulatory reporting, where he unravels complex legal and financial developments with clarity and precision. Before joining CCN in 2024, he honed his craft at Cointelegraph, establishing himself as a trusted name in crypto journalism.

His coverage spans major industry events, including the high-profile collapses of FTX, Three Arrows Capital (3AC), and LUNA, offering readers insightful analyses of their regulatory and market implications. Prashant’s technical background enables him to bridge the gap between intricate blockchain technology and its real-world applications, making his work accessible to novices and experts.

Beyond his professional pursuits, Prashant is an avid music enthusiast, often exploring diverse genres to unwind. A sports lover, he has a particular passion for cricket and frequently engages in discussions about the game. His multifaceted interests and sharp journalistic instincts make him a valuable contributor to CCN, where he continues shaping the crypto landscape's narrative.

Related

Survey Icon
Help us improve
1 of 4
Is this your first time here?
What brought you here today?
What are you most interested in?
Would you be interested in:
Thank you icon
Thank you for your feedback!
DMCA.com Protection Status