In May 2024, the North Korean state-backed hacker group known as TraderTraitor executed a major cryptocurrency heist, stealing 4,502.9 Bitcoin worth $308 million from Japanese crypto exchange DMM Bitcoin.
The FBI recently confirmed the attack, attributing it to TraderTraitor, also known as Jade Sleet, UNC4899, and Slow Pisces.
The sophisticated breach unfolded over several months, starting in March 2024. A member of TraderTraitor posed as a legitimate recruiter on LinkedIn and approached an employee of Ginco, a Japanese enterprise specializing in cryptocurrency wallet software.
The attacker lured the employee with a job proposal that included a pre-employment test hosted on GitHub. The test required the victim to execute malicious Python code on their computer, which granted TraderTraitor access to Ginco’s systems.
Using this foothold, the attackers infiltrated Ginco’s wallet management system and moved laterally to DMM Bitcoin. By mid-May, they exploited session cookies to impersonate the compromised employee and access Ginco’s unencrypted communications. Later that month, the attackers manipulated a legitimate transaction request by a DMM Bitcoin employee, ultimately siphoning off the 4,502.9 BTC.
The breach forced DMM Bitcoin to suspend account registrations, withdrawals, and trading activities while investigations were underway. The FBI has been tracking TraderTraitor since 2022, noting their persistent targeting of the blockchain industry with fake apps and social engineering campaigns.
TraderTraitor’s tactics are part of a larger trend among North Korean cyber groups, which frequently use social engineering to exploit human vulnerabilities. In 2023, GitHub warned about a campaign targeting developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors; targeting of this kind is a hallmark of TraderTraitor’s methods.
The group has also been implicated in attempts to cash out large sums of stolen cryptocurrency. Last year, the FBI issued warnings about the group’s plans to liquidate 1,580 Bitcoin, worth approximately $41 million at the time.
Bijay Pokharel