North Korean Hackers Stole $308M in Bitcoin From DMM Bitcoin in May 2024, Agencies Say

Dec 24, 2024 at 05:39 pm

Japanese and U.S. authorities have formally attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors.

Japanese and U.S. authorities have formally linked the theft of cryptocurrency to the tune of $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors.

"The theft is connected to TraderTraitor threat activity, also known as Jade Sleet, UNC4899, and Slow Pisces," the agencies stated. "Multiple employees of the same company at once are frequently targeted by TraderTraitor activity with the use of social engineering."

The Federal Bureau of Investigation, the Department of Defense Cyber Crime Center, and the National Police Agency of Japan are credited with issuing the warning. It's interesting to note that DMM Bitcoin stopped operating earlier this month.

TraderTraitor is a persistent threat activity cluster connected to North Korea that has targeted Web3 businesses in the past, luring victims into downloading cryptocurrency apps that contain malware and ultimately enabling theft. It has been active since at least 2020.

The hacking team has carried out a number of attacks in recent years that rely on job-themed social engineering campaigns, or on approaching potential targets under the guise of collaborating on a GitHub project, which then leads to the deployment of malicious npm packages.

The group is perhaps best known, though, for gaining unauthorized access to JumpCloud's systems last year in order to target a select group of downstream customers.

The FBI documented an attack chain in which the threat actors contacted an employee at Ginco, a software company for cryptocurrency wallets based in Japan, in March 2024, posing as a recruiter and providing them with a URL to a malicious Python script hosted on GitHub as part of a supposed pre-employment test.

The victim, who had access to Ginco's wallet management system, copied the Python code to their personal GitHub page, which ultimately resulted in their compromise.

The adversary proceeded to the next stage of the attack in mid-May 2024, exploiting session cookie information to impersonate the compromised employee and successfully gaining access to Ginco's unencrypted communications system.
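A defender-side check for the session-cookie impersonation step described above, added here as an illustration and not taken from the agencies' advisory or the original article: it flags a session ID that reappears from a client unlike the one it was first seen with. The log format, field names and sample records are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample access log (not real data); the log format is an assumption.
SAMPLE_LOG = """\
2024-05-14T09:02:11Z sid=a1f3 user=emp01 ip=203.0.113.10 ua="Mozilla/5.0 (Macintosh) Chrome/124"
2024-05-14T09:40:52Z sid=a1f3 user=emp01 ip=203.0.113.10 ua="Mozilla/5.0 (Macintosh) Chrome/124"
2024-05-14T10:15:03Z sid=b7c9 user=emp02 ip=203.0.113.25 ua="Mozilla/5.0 (Windows) Firefox/125"
2024-05-15T02:31:47Z sid=a1f3 user=emp01 ip=198.51.100.77 ua="python-requests/2.31"
2024-05-15T02:33:09Z sid=b7c9 user=emp02 ip=203.0.113.26 ua="Mozilla/5.0 (Windows) Firefox/125"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) sid=(?P<sid>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)"$'
)

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def same_network(ip_a, ip_b, prefix=24):
    """True if both addresses fall in the same /prefix network."""
    net = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    return ipaddress.ip_address(ip_b) in net

def find_session_replay(log_text):
    """Flag requests whose session id is reused from a client unlike the one
    first seen with it (baseline = first request observed per session)."""
    baseline, alerts = {}, []
    for rec in parse(log_text):
        first = baseline.setdefault(rec["sid"], rec)
        if first is rec:
            continue  # first sighting of this session: it becomes the baseline
        reasons = []
        if rec["ua"] != first["ua"]:
            reasons.append("user-agent changed")
        if not same_network(first["ip"], rec["ip"]):
            reasons.append("ip outside baseline /24")
        if reasons:
            alerts.append((rec["ts"], rec["sid"], rec["user"], reasons))
    return alerts

if __name__ == "__main__":
    for alert in find_session_replay(SAMPLE_LOG):
        print(alert)
```

In the constructed sample only session `a1f3` is flagged; `b7c9` moves to a neighbouring address in the same /24 with an unchanged User-Agent and stays quiet.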

"In late-May 2024, the actors likely used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the loss of 4,502.9 BTC, valued at $308 million at the time of the attack," the agencies said. "The stolen funds ultimately moved to TraderTraitor-controlled wallets."

The disclosure follows Chainalysis's assertion that North Korean threat actors were responsible for hacking DMM Bitcoin, with the attackers targeting infrastructure vulnerabilities to make unauthorized withdrawals.

"The attacker moved millions of dollars' worth of crypto from DMM Bitcoin to several intermediary addresses before eventually reaching a Bitcoin CoinJoin Mixing Service," the blockchain intelligence firm said.

"After successfully mixing the stolen funds using the Bitcoin CoinJoin Mixing Service, the attackers moved a portion of the funds through a number of bridging services, and finally to HuiOne Guarantee, an online marketplace tied to the Cambodian conglomerate, HuiOne Group, which was previously exposed as a significant player in facilitating cybercrimes."

The development also occurs as the AhnLab Security Intelligence Center (ASEC) has disclosed that Andariel, a North Korean threat actor operating within the Lazarus Group, is deploying the SmallTiger backdoor in attacks targeting South Korean asset management and document centralization solutions.

News source: thehackernews.com
