According to the latest investigation, the hacker group known as Lazarus, which is associated with North Korea, was behind the hacking of the Japanese cryptocurrency exchange DMM Bit. The Lazarus hackers are known to be closely linked to the notorious Lazarus Group.
Last May, the exchange lost 4,502 Bits due to this incident, which was valued at $308 million.
Hacking Causes Closure of DMM Bit
The DMM Bit hacking was one of the biggest cryptocurrency hacking incidents of the year. The significant losses and failed recovery efforts ultimately led to the closure of the exchange.
Initially, the attack was linked to the notorious Lazarus Group, but the US and Japanese authorities now believe that the more specialized North Korean group, Tradertraitor, was behind the attack.
According to the FBI, the hackers used advanced social engineering techniques to target the Japanese cryptocurrency wallet company Ginco. In March, they posed as recruiters on LinkedIn and sent a malicious link disguised as a pre-employment test hosted on GitHub.
Unfortunately, a Ginco employee unwittingly executed the code, compromising the GitHub account. The hackers then exploited the stolen information.
By May, they had infiltrated Ginco's communication system, posing as Ginco employees. This allowed them to manipulate legitimate trade requests from DMM Bit employees. As a result, the attackers were able to transfer the stolen Bits to wallets under their control.
Despite efforts to purchase replacement Bits to compensate users, the financial impact was insurmountable. The company ultimately announced its closure and plans to transfer accounts to SBI VC Trade by March 2025.
North Korea, a Persistent Threat to the Crypto Industry
Meanwhile, this attack highlights the persistent threat posed by North Korean hacking groups. In 2024 alone, these groups stole $1.34 billion in cryptocurrency, accounting for two-thirds of global cryptocurrency theft.
In July, the stolen funds were laundered through Huobi, a company operating in Cambodia. According to Chainalysis, the Cambodian company carried out several pig slaughter operations estimated at around $49 billion.
In December, Cambodia responded with regulatory crackdowns, blocking access to 16 cryptocurrency exchanges, including major platforms like Binance, Coinbase, and OKX.
"People in the crypto industry are (hopefully) already aware that Lazarus is one of the most widespread threat actors targeting this industry. They've harmed more people, companies, and protocols than anyone else. But it's good to know exactly how they infiltrate, because another smart contract audit won't save you." - Taylor Monahan, Metamask Security Expert
Overall, the DMM Bit hacking was the second-largest cryptocurrency theft incident in Japan, following the $530 million Coincheck hack in 2018.
