North Korean Hackers Linked to $308M Theft from Japanese Crypto Exchange

The FBI and Japanese authorities identify state-backed group TraderTraitor as the perpetrators of the May 2024 cyberattack on DMM Bitcoin.

The cyberattack on DMM Bitcoin resulted in the theft of 4,502.9 Bitcoin, valued at $308 million at the time, forcing the exchange to halt operations and investigations to proceed.
The FBI attributed the attack to North Korea's TraderTraitor group, also known as Jade Sleet, UNC4899, and Slow Pisces, which has targeted the blockchain sector since 2022.
The attack began in March 2024, when a TraderTraitor operative posed as a LinkedIn recruiter and tricked a Ginco employee into running malicious code disguised as a job test.
Using the compromised employee's credentials, the hackers accessed Ginco's systems and later manipulated a legitimate transaction at DMM Bitcoin to execute the theft.
North Korean-linked hackers were responsible for over half of all cryptocurrency thefts in 2024, stealing $1.34 billion across 47 incidents, according to Chainalysis.