North Korean Hackers Stole $308 Million in Cryptocurrency from Japanese Crypto Company

North Korean (DPRK) cyber actors have been identified as the main suspects behind a $308 million cryptocurrency theft that took place in May 2024. 

North Korea is the main cyber actor operating in the crypto theft space and is responsible for the bulk of incidents, year over year. In fact, the latest investigation from Chainalysis states that North Korean hackers were responsible for 61 percent of all cryptocurrency stolen in 2024. 

In total, DPRK cyber actors are responsible for at least $1.34 billion stolen across 47 incidents, and that’s only in a single year. 

“The Federal Bureau of Investigation, Department of Defense Cyber Crime Center, and National Police Agency of Japan are alerting the public to the theft of cryptocurrency worth $308 million U.S. dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors in May 2024,” said the US authorities. 

What makes this particular incident noteworthy, besides the $308 million stolen, is the method used. A North Korean cyber actor took on the persona of a recruiter on LinkedIn and used this position to start a chain reaction. 

According to the authorities, “the threat actor sent the target (DMM), who maintained access to Ginco’s wallet management system, a URL linked to a malicious Python script under the guise of a pre-employment test located on a GitHub page.” 

“The victim copied the Python code to their personal GitHub page and was subsequently compromised,” the FBI added. 

“In late-May 2024, the actors likely used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the loss of 4,502.9 BTC, worth $308 million at the time of the attack,” the FBI concluded. 

The group has been identified as TraderTraitor, which is also tracked across the industry as Jade Sleet, UNC4899, and Slow Pisces.