Announcement | severity: High | 2024-12-23
FBI attributes $308M DMM Bitcoin theft to DPRK TraderTraitor
published by U.S. Federal Bureau of Investigation
Actor
DPRK state-sponsored umbrella set associated with the Reconnaissance General Bureau. Mixes financially-motivated operations (including major cryptocurrency exchange thefts and SWIFT-network bank intr…
Summary
FBI, DC3, and Japan's NPA jointly attributed the May 2024 theft of 4,502.9 BTC (~$308M at time of theft) from Japanese exchange DMM Bitcoin to North Korean TraderTraitor activity, overlapping with Lazarus / APT38 reporting. The operation started with a LinkedIn-delivered fake pre-employment test targeting an employee at Ginco, DMM's wallet-software vendor; operators rode that access to manipulate a legitimate withdrawal request from a DMM employee. DMM ultimately announced closure following the loss.
Tags
cryptocurrency, supply-chain, attribution, japan
Primary source
fbi.gov
Other Lazarus Group events
- 2026-04-18: Lazarus / TraderTraitor steals $577M from Drift + KelpDAO inside three weeks
- 2025-02-21: Lazarus / TraderTraitor executes $1.5B Bybit heist — largest crypto theft in history
- 2023-03-29: 3CX Desktop App supply-chain compromise
- 2022-03-29: Ronin Network bridge theft (~$620M)
- 2017-05-12: WannaCry global ransomware outbreak