Data Breaches

FBI Blames North Korea for $308M Cryptocurrency Hack as Losses Surge in 2024

The FBI said the target was tricked into downloading a malicious Python script under the guise of a pre-employment test hosted on GitHub.

North Korea hackers

The Federal Bureau of Investigation (FBI) is publicly blaming North Korean government hackers for a $308 million cryptocurrency heist from Bitcoin.DMM.com earlier this year.

A brief statement from the FBI said it worked with Japan’s National Police Agency (NPA) to trace the theft of 4,502.9 BTC to “TraderTraitor,” a known Pyongyang hacking team that targets cryptocurrency banks and exchanges.

The operation, described as a sophisticated mix of social engineering and technical exploitation, began in March 2024 when a North Korean hacker, posing as a recruiter on LinkedIn, targeted an employee at Ginco, a Japan-based cryptocurrency wallet software company. 

The FBI said the target, who had critical access to Ginco’s wallet management systems, was tricked into downloading a malicious Python script under the guise of a pre-employment test hosted on GitHub.

“The victim copied the Python code to their personal GitHub page and was subsequently compromised,” the FBI said.

Two months later, the TraderTraitor hackers used session cookie data to impersonate the compromised Ginco employee, granting them unauthorized access to Ginco’s unencrypted communication system. 

Advertisement. Scroll to continue reading.

By late May, the law enforcement agencies said TraderTraitor operatives had manipulated a legitimate transaction request from a DMM employee to swipe 4,502.9 BTC, valued at $308 million at the time. 

The stolen money was funneled to cryptocurrency wallets controlled by the North Korean hacking team.

The Bitcoin.DMM hack is the latest in a series of multi million-dollar cryptocurrency hacks attributed to North Korean government hackers. Earlier this year, the FBI revealed that TraderTraitor-linked actors had stolen $60 million from Alphapo, $37 million from CoinsPaid, and $100 million from Atomic Wallet. 

These incidents follow previous high-profile attacks on blockchain bridges like Harmony’s Horizon and Sky Mavis’ Ronin, both linked to the notorious Lazarus Group, of which TraderTraitor is believed to be a faction.

According to fresh data from Chainalysis, cryptocurrency criminal activity surged in 2024, marking the fifth year in the past decade where losses exceeded $1 billion, with $2.2 billion stolen — a 20% year-over-year increase. 

Related: Mandiant Offers Clues to Spotting North Korean Fake IT Workers

Related: Fake IT Workers Funneled Millions to North Korea, DOJ Says

Related: North Korean Hackers Target macOS Users

Related: Pyongyang Hackers Behind Breach of German Missile Manufacturer

Related Content

Supply Chain Security

The PolinRider campaign has compromised more than 100 legitimate open source packages and repositories to deliver a backdoor and information stealer to developers.

Artificial Intelligence

Researchers uncovered two campaigns embedding indirect prompt injections in malicious websites to exploit autonomous AI agents browsing the web.

Cybercrime

The decentralized prediction market said hackers targeted some of its users through a compromise of a third-party vendor.

Supply Chain Security

A malicious dependency the attackers added to over 140 Mastra packages fetches a payload targeting cryptocurrency extensions.

Malware & Threats

CryptoBandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution.

Nation-State

The campaigns focus on financial organizations, including cryptocurrency, venture capital, and blockchain entities.

Malware & Threats

Masquerading as popular cryptocurrency wallets, the apps can hijack recovery phrases and private keys.

Cybercrime

The hackers targeted LayerZero’s DVN, compromising certain RPCs and DDoSing others to trigger failover to the poisoned infrastructure.  

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version