Credential theft
Supply Chain
DMM Bitcoin Hack - TraderTraitor (North Korea)
Incident Details
North Korean TraderTraitor hackers stole 4,502.9 BTC (~$308 million) from Japanese crypto exchange DMM Bitcoin on 31 May 2024, the third-largest crypto theft in history. FBI, DC3, and Japan NPA jointly attributed the attack in December 2024. The compromise flowed through Ginco, a third-party wallet provider. DMM Bitcoin was unable to recover and shut down in December 2024, transferring accounts to SBI VC Trade.
Technical Details
- Initial Attack Vector: TraderTraitor (North Korean) social engineering of an employee at crypto wallet company Ginco; attackers gained access to Ginco communications systems and intercepted a legitimate DMM Bitcoin transaction
- Vendor / Product: Ginco (crypto wallet provider)
- Supply Chain Attack: Confirmed third-party / vendor compromise
Timeline
- 2024-05-31 Breach occurred
- 2024-05-31 Publicly disclosed
- 2024-06-01 Customers notified