FBI、DC3 和日本 NPA 表示，北韓網路攻擊者對 DMM.com 價值 3.08 億美元的比特幣竊盜案負有責任

此事件針對的是日本加密貨幣平台 DMM.com。它突顯了旨在竊取數位資產的國家支持的網路犯罪日益增長的威脅。

The Federal Bureau of Investigation (FBI), Department of Defense Cyber Crime Center (DC3), and Japan’s National Police Agency (NPA) have attributed the $308 million Bitcoin (BTC) heist from DMM.com to North Korean cyber actors, also known as TraderTraitor, Jade Sleet, UNC4899, or Slow Pisces.

美國聯邦調查局(FBI)、國防部網路犯罪中心(DC3) 和日本國家警察廳(NPA) 將DMM.com 價值3.08 億美元的比特幣(BTC) 竊盜案歸咎於北韓網路犯罪分子，這些犯罪分子也被稱為「朝鮮網路犯罪分子」。

The theft, which occurred in May 2024, was part of a larger campaign targeting Japanese crypto platforms. The incident highlights the increasing threat of state-sponsored cybercrime aimed at stealing digital assets.

這起竊盜事件發生在 2024 年 5 月，是針對日本加密貨幣平台的更大規模活動的一部分。這起事件凸顯了國家支持的旨在竊取數位資產的網路犯罪的威脅日益增加。

FBI’s Investigation Leads to North Korean Hackers

FBI 調查發現北韓駭客

The FBI’s investigation revealed that the cyberattack began in March 2024 with a reconnaissance phase. A North Korean cyber actor posed as a recruiter and contacted an employee of Ginco, a Japan-based crypto wallet software company.

FBI 的調查顯示，網路攻擊始於 2024 年 3 月，處於偵察階段。一名北韓網路演員假扮招募人員，聯繫了日本加密錢包軟體公司 Ginco 的一名員工。

The attacker used LinkedIn to approach the employee and sent a false link claiming it was a pre-employment test. However, the link led to a Python script hosted on GitHub. Once downloaded, the script compromised the employee's system.

攻擊者使用 LinkedIn 來接近該員工，並發送了一個虛假鏈接，聲稱​​這是一次就業前測試。然而，該連結指向託管在 GitHub 上的 Python 腳本。下載後，該腳本就會危害員工的系統。

After gaining entry into the employee's system, the cyber actor exploited session cookie information, allowing them to impersonate the victim and gain further access to Ginco's insecure communications system.

在進入員工的系統後，網路攻擊者利用會話 cookie 訊息，使他們能夠冒充受害者並進一步訪問 Ginco 不安全的通訊系統。

On May 11, 2024, the attacker manipulated a legitimate transaction request from a DMM employee, sending 4,502.9 BTC, valued at $308 million at the time, into wallets controlled by the hackers.

2024 年 5 月 11 日，攻擊者操縱了 DMM 員工的合法交易請求，將 4,502.9 BTC（當時價值 3.08 億美元）發送到駭客控制的錢包中。

The FBI report noted that the stolen funds were moved to wallets controlled by the TraderTraitor group, solidifying the connection between the cyber actor and the theft.

FBI 報告指出，被盜資金被轉移到 TraderTraitor 組織控制的錢包中，從而鞏固了網路攻擊者與盜竊行為之間的聯繫。

Community Reacts to DMM Bitcoin Hack, WazirX Debate EnsuesAs news of the DMM Bitcoin hack spread, some crypto community members began comparing it to other high-profile crypto thefts, such as the WazirX hack.

社群對DMM 比特幣駭客攻擊和WazirX 爭論隨之而來隨著DMM 比特幣駭客攻擊的消息傳播開來，一些加密社群成員開始將其與其他備受矚目的加密貨幣竊盜事件進行比較，例如WazirX 駭客攻擊。

In response to an X article covering the DMM hack, Pushpendra Singh, founder of PushpendraTech and SmartViewAi, asked if the incident could justify other events. He highlighted the need to focus on user withdrawals in such cases.

在回應一篇涉及 DMM 駭客攻擊的 X 文章時，PushpendraTech 和 SmartViewAi 的創始人 Pushpendra Singh 詢問該事件是否可以證明其他事件的合理性。他強調在這種情況下需要關注用戶提款。

“Bro this can’t justify wazirx hack. We have to focus on user withdrawal’s .”

「兄弟，這不能證明 wazirx 駭客攻擊是合理的。我們必須關注用戶退出問題。

Meanwhile, Nischal Shetty, Co-Founder of WazirX, commented on the legal proceedings surrounding the crypto exchange's assets. He stated that creditors will be left to decide on the distribution of assets, especially in cases like the WazirX hack.

與此同時，WazirX 聯合創始人 Nischal Shetty 對圍繞加密貨幣交易所資產的法律訴訟發表了評論。他表示，資產分配將由債權人自行決定，尤其是在 WazirX 駭客事件等情況下。

“Creditors will have to decide on the asset distribution scheme. Especially in cases like ours. If majority votes in favor of a particular scheme then the liquid assets can be disbursed according to the terms of that scheme.”

「債權人將必須決定資產分配方案。尤其是像我們這樣的情況。如果多數人投票支持某個特定計劃，那麼可以根據該計劃的條款分配流動資產。

The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.

本文提供的資訊僅供參考和教育目的。本文不構成任何形式的財務建議或建議。對於因使用所提及的內容、產品或服務而造成的任何損失，Coin Edition 不承擔任何責任。建議讀者在採取任何與該公司相關的行動之前務必謹慎行事。