Japan’s National Police Agency announced Tuesday that the hacker group TraderTraitor, believed to be based in North Korea, is likely responsible for a May cyberattack that resulted in the theft of $308 million in Bitcoin from the Japanese cryptocurrency exchange DMM Bitcoin.
The breach occurred after a computer virus was sent to an employee at Ginco, a company handling DMM Bitcoin’s deposits and withdrawals.
The employee opened the virus, which was disguised as a job recruitment message sent via LinkedIn, giving the hackers access to Ginco’s system and its unencrypted communications.
This allowed TraderTraitor to access and steal customer deposits, which were then transferred to the hackers’ wallet. The digital trail was traced with assistance from the FBI and the U.S. Defense Department’s Cyber Crime Center.
TraderTraitor is suspected to be a division of the Lazarus Group, a notorious hacking collective linked to the North Korean government.
The attack, which involved the theft of 4,502.9 Bitcoin, has led to the closure of DMM Bitcoin, which has been operating with limited services since the incident.
The exchange plans to shut down completely in March, transferring its remaining accounts to the platform SBI VC Trader.
Peoplesmind