North Korea-Backed Hacker Poses as LinkedIn Recruiter, Steals Rs 2,560 Crore from Japanese Crypto Firm

In a joint alert, US and Japanese authorities have identified North Korean hackers as the culprits behind a massive $308 million cryptocurrency theft from Japan-based crypto firm DMM in May 2024. The FBI, Department of Defense Cyber Crime Center, and Japan’s National Police Agency have attributed the attack to a notorious North Korean cybercrime group known as TraderTraitor, also referred to as Jade Sleet, UNC4899, and Slow Pisces.

Sophisticated Social Engineering Attack

The heist began with a targeted social engineering campaign in late March 2024. Posing as a recruiter on LinkedIn, the hackers approached an employee at Ginco, a Japanese enterprise cryptocurrency wallet software company. This employee was targeted due to their access to Ginco’s wallet management system.

Under the guise of a pre-employment test, the attackers shared a link to a malicious Python script hosted on GitHub. Unaware of the threat, the victim copied the script to their personal GitHub page, inadvertently compromising their credentials.

Exploiting Internal Systems

By mid-May, the hackers used session cookie information to impersonate the compromised employee and gained access to Ginco’s unencrypted communication system. This access enabled them to manipulate a legitimate transaction request by a DMM employee later that month, resulting in the theft of 4,502.9 Bitcoin—valued at $308 million at the time. The stolen funds were quickly transferred to wallets controlled by TraderTraitor.

North Korea’s Growing Crypto Heists

The heist is part of a broader trend of North Korean cybercrime targeting the cryptocurrency industry. A recent report by blockchain analytics firm Chainalysis revealed that North Korean hackers stole a staggering $1.34 billion in cryptocurrency across 47 incidents in 2024, accounting for 61% of all crypto thefts that year.

These stolen assets are believed to fund Pyongyang’s regime, highlighting the global implications of these cybercrimes.

Ongoing Efforts to Combat Crypto Theft

US and Japanese authorities, along with international partners, are ramping up efforts to expose and counter North Korea’s illicit activities, including cybercrime and cryptocurrency theft. The alert underscores the need for robust cybersecurity measures to protect against increasingly sophisticated threats.

 
