US and Japan Blame North Korea for $308m Crypto Heist


US and Japanese authorities have attributed a major cryptocurrency heist worth $308m to North Korean hackers.

An alert from the FBI, Department of Defense Cyber Crime Center and National Police Agency of Japan said the May 2024 theft from Japan-based crypto firm DMM was carried out by a North Korean threat group tracked as TraderTraitor, aka Jade Sleet, UNC4899 and Slow Pisces.

The agencies revealed that TraderTraitor carried out a targeted social engineering attack to access and steal the crypto funds. This campaign began in late March 2024, when the threat actor, masquerading as a recruiter on LinkedIn, contacted an employee at Ginco, a Japan-based enterprise cryptocurrency wallet software company.

The employee was targeted as they maintained access to Ginco’s wallet management system.

TraderTraitor sent the employee a URL linked to a malicious Python script under the guise of a pre-employment test located on a GitHub page. The victim copied the Python code to their personal GitHub page and was subsequently compromised.

After mid-May 2024, the hackers exploited session cookie information to impersonate the compromised employee and successfully gained access to Ginco’s unencrypted communications system.

In late-May 2024, the actors likely used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the loss of 4,502.9 Bitcoin, worth $308m at the time of the attack.

The stolen funds were subsequently moved to TraderTraitor-controlled wallets.

Read now: North Korea Targeting Crypto Industry, Says FBI

North Korea Ramps Up Crypto Thefts to Fund Regime 

A report by blockchain analytics firm Chainalysis, published on December 19, found that North Korea-affiliated hackers stole $1.34bn worth of cryptocurrency across 47 incidents during 2024.

This represents 61% of the total amount of crypto stolen throughout the year.

North Korean groups have carried out a vast volume of crypto thefts in recent years, with the proceeds generating revenue for the Pyongyang regime.

The new alert said the FBI, National Police Agency of Japan and other US government and international partners will continue to expose and combat North Korea’s use of illicit activities, including cybercrime and cryptocurrency theft.



Source link

Leave a Comment