Published on: December 26, 2024
Hackers linked with the Democratic People's Republic of Korea (North Korea) stole $308 million worth of cryptocurrency by posing as LinkedIn recruiters. The threat actors, TraderTraitor, stole the funds from Bitcoin DMM, a Japanese cryptocurrency company. DMM had been revamping its operations to increase profits and become more prominent in the crypto world.
After the devastating heist, it is shutting down permanently. TraderTraitor targets multiple employees in the same company while employing complex social engineering schemes. In the past, the group used these tactics to rob companies blind. Now, TraderTraitor has forced DMM to shut its doors.
In March 2024, the group reached out to an employee at the crypto wallet company Ginco. The hackers convinced the employee to copy some of their malicious code, which immediately compromised Ginco. From there, the hackers gained access to Ginco's communication systems and used them to stage further assaults.
“The threat actor sent the target, who maintained access to Ginco’s wallet management system, a URL linked to a malicious Python script under the guise of a pre-employment test located on a GitHub page,” the FBI report said. “After mid-May 2024, TraderTraitor actors exploited session cookie information to impersonate the compromised employee and successfully gained access to Ginco’s unencrypted communications system.”
The FBI believes they went on to manipulate a legitimate transaction from a DMM employee to transfer out 4,502.9 BTC, which equates to roughly $308 million at this time. The stolen funds were then moved to TraderTraitor-controlled wallets. The scheme is complex, but not unusual for threat actors.
“The FBI, National Police Agency of Japan, and other US government and international partners will continue to expose and combat North Korea’s use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime,” the report said.
If the investigation goes well, it may be possible to recover some of the stolen funds.