In May 2024, the Japanese crypto exchange DMM Bitcoin suffered a major asset loss incident, with the loss attributed to a hacker group related to North Korea. This event revealed potential vulnerabilities in the internal system management and security checks of the Japanese exchange, and has led to widespread industry concern over wallet management and trading security.
(A licensed Japanese exchange, DMM, was hacked for 4,503 BTC, with a loss of 48.2 billion yen)
Table of Contents
- Japan Police Investigation: Fake Recruitment Fraud, Hackers Cleverly Infiltrate the System
- Where are the Vulnerabilities in the DMM System?
- The Role of the Outsourcing Company Ginco: Outsourced System or Potential Vulnerability?
- North Korean Hacker Strategy + DMM's Potential Weaknesses Were Breached!
- Warning for the Crypto Industry: Internal and External Defense Cannot Be Lacking
- bitFlyer CEO Yuzo Kano: The Japanese Industry Must Be Vigilant
- Security Measures Need Continuous Improvement and Investment
Japan Police Investigation: Fake Recruitment Fraud, Hackers Cleverly Infiltrate the System
According to recent reports, police revealed that the hackers, under the guise of a recruitment process, deceived an engineer at the company to which DMM Bitcoin had outsourced technical development. Under the pretext of a technical test, they induced the engineer to download a malicious program. This program was then used to infiltrate DMM's trading system, tamper with legitimate transfer orders, and ultimately move a large amount of crypto assets to the attackers' wallets.
(FBI Reveals: North Korea Actively Invading the Crypto Industry, Targeting Crypto Company Employees with Social Engineering Attacks)
Where are the Vulnerabilities in the DMM System?
This incident has focused attention on DMM's cold wallet management and transaction review process. According to the analysis, DMM, as the final custodian of the assets, held the private keys needed to transfer them. However, the incident showed that the attackers may have exploited weaknesses in the communication between the management device and the cold wallet terminal in order to tamper with the destination address. The key to the address tampering was that the addresses the attackers substituted were similar in format to the legitimate ones, making the anomaly hard for reviewers to detect.
The Role of the Outsourcing Company Ginco: Outsourced System or Potential Vulnerability?
The DMM incident also involved the outsourcing company Ginco, which provided the wallet system. Ginco was mainly responsible for address management and transaction generation, but its internal system may have become the attackers' entry point. Analysts believe the hackers may have injected tampered transaction data through Ginco's management device, after which DMM's cold wallet terminal performed the final signing. Had DMM carefully compared the transaction content before and after signing, it should have been able to detect the anomaly, but this step was overlooked.
North Korean Hacker Strategy + DMM's Potential Weaknesses Were Breached!
This attack is believed to have been carefully planned by North Korean hackers. Although exchanges routinely move assets between wallets as a security measure, weaknesses in DMM's system during these transfer windows became the attackers' primary target. Experts point out that the attackers may have chosen a predictable and actionable moment, leveraging DMM's operational habits to carry out a precise strike.
Warning for the Crypto Industry: Internal and External Defense Cannot Be Lacking
Commentators note that this incident is a serious wake-up call for the entire crypto industry. Even though a cold wallet environment is considered the safest way to manage assets, attackers can still succeed through weaknesses in an outsourced management system or in internal review. The industry must therefore strengthen security checks at every step from transaction generation to final signing, and adhere to the "Don't trust, verify" principle.
In response to this incident, experts suggest that exchanges strengthen employee training and security awareness education, and adopt multi-factor authentication for each stage of transaction review. Strengthening the management and monitoring of outsourcing partners is also indispensable. For other exchanges using the Ginco system, it is particularly important to conduct timely vulnerability checks and put temporary defensive measures in place.
bitFlyer CEO Yuzo Kano: The Japanese industry must be vigilant
bitFlyer CEO Yuzo Kano stated that bitFlyer is concerned about the lack of security awareness in the Japanese crypto industry. The following are the key points that need attention:
- Sending address restrictions: If the device allows sending to non-designated addresses, it will pose a serious security problem. The system must pre-set the addresses that can be sent to and strictly limit them through functions such as whitelists.
- Operator verification process: Operators need to be trained to verbally confirm the sending address, and ensure that the device can fully display the address to prevent "address pollution" attacks.
- System understanding and review: DMM Company needs to have an in-depth understanding of the Ginco system and conduct independent security reviews, rather than relying entirely on external tools.
- Possibility of internal information leakage: If hackers have prior knowledge of large-scale fund transfer plans, it may involve internal information leakage or the involvement of internal personnel.
- Private key management: Private keys should be generated and managed independently by the exchange, without the involvement of external parties, and multi-signature setups must themselves be secured.
He also emphasized the two key points in wallet design:
- Confirmation and restriction of sending addresses: It needs to be restricted by the system and double-checked manually to prevent asset loss.
- Confirmation of the reasonableness of the transfer amount: The amount must be strictly verified; even for the exchange's own hot wallet, excessive transfers should be avoided so as not to create additional risk.
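The checks described above (comparing the transaction with what was reviewed before and after signing, a destination whitelist, an amount cap, and lookalike-address detection) as an added Python illustration; this is not DMM's, Ginco's or bitFlyer's code, and the addresses, the cap, the `Intent` record and the single-output transaction dict layout are all constructed for the example.

```python
# Added illustration, not DMM's or Ginco's code: the whitelist, the cap, the
# addresses and the tx dict layout (single output) are all constructed.
from dataclasses import dataclass
import hashlib
import json

WHITELIST = {"bc1qhotwallet0000000000000000000000000000000x"}  # constructed
MAX_BTC_PER_TRANSFER = 500.0  # hypothetical cap agreed by operations

@dataclass(frozen=True)
class Intent:
    """What reviewers approved, recorded independently of the wallet tool."""
    dest: str
    amount_btc: float

def outputs_digest(tx: dict) -> str:
    """Digest of the outputs only, so signatures added later do not change
    it, while any rewrite of an address or amount does."""
    canon = json.dumps(tx["outputs"], sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()

def looks_alike(a: str, b: str, n: int = 6) -> bool:
    """True for two different addresses sharing their first and last n chars:
    the lookalike a truncated display or a quick glance would miss."""
    return a != b and a[:n] == b[:n] and a[-n:] == b[-n:]

def check_before_signing(intent: Intent, unsigned_tx: dict) -> list[str]:
    """Problems found comparing the wallet system's unsigned tx to the intent;
    an empty list means the tx may go to the cold wallet terminal."""
    problems = []
    out = unsigned_tx["outputs"][0]
    if out["address"] not in WHITELIST:
        problems.append("destination not in whitelist")
    if out["address"] != intent.dest:
        tag = " (lookalike)" if looks_alike(out["address"], intent.dest) else ""
        problems.append("destination differs from approved intent" + tag)
    if abs(out["amount_btc"] - intent.amount_btc) > 1e-8:
        problems.append("amount differs from approved intent")
    if out["amount_btc"] > MAX_BTC_PER_TRANSFER:
        problems.append("amount exceeds per-transfer cap")
    return problems

def check_after_signing(unsigned_tx: dict, signed_tx: dict) -> list[str]:
    """Catch outputs rewritten between review and signing: the signed tx must
    carry exactly the outputs that were reviewed."""
    if outputs_digest(signed_tx) != outputs_digest(unsigned_tx):
        return ["signed outputs differ from reviewed outputs"]
    return []
```

The point of recording `Intent` outside the wallet tool is that a compromised management device cannot rewrite both the intent and the transaction; the post-signing digest comparison closes the gap the article says DMM's process left open.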
Security Measures Need Continuous Improvement and Investment
Security has no "completed" state; exchanges should prioritize strengthening processes, continuous employee education, and system improvements. He stated that he expects the industry as a whole to raise its security awareness and to formulate more specific regulations and systems.
Risk Warning
Crypto investment is highly risky, and its price may fluctuate violently, and you may lose your entire principal. Please carefully evaluate the risks.