A state-sponsored North Korean hacker group has been identified as the culprit behind the theft of $308 million in Bitcoin from Japan’s cryptocurrency exchange, DMM Bitcoin. The United States Federal Bureau of Investigation (FBI) has linked the attack, which occurred in late May, to Trader Traitor, a subset of the infamous Lazarus Group. Known for their history of cybercrimes, Lazarus Group operates under North Korea’s directive, using digital theft as a financial lifeline amidst the country’s economic isolation.
This meticulously planned heist began with the hackers contacting a DMM Bitcoin employee on LinkedIn, posing as fake employers. They sent the employee a file under the guise of an interview, embedded with phishing software. Once downloaded, the software allowed the hackers to take control of the employee’s computer, breach DMM Bitcoin’s transaction systems, and siphon $308 million worth of Bitcoin into their accounts.
Experts view this incident as a striking example of North Korea’s evolving cyber strategy to counter international sanctions. Cryptocurrency theft has become a vital funding source for the regime, with hackers targeting crypto exchanges, digital wallets, and other platforms worldwide. The DMM Bitcoin attack underscores the growing threat posed by state-backed cybercriminals in the digital age.