A North Korean hacking group has been accused of stealing over $300 million worth of cryptocurrency from Japan-based exchange DMM Bitcoin. Japanese police and the United States’ Federal Bureau of Investigation (FBI) have attributed the heist to the notorious Lazarus Group, a cybercriminal organization allegedly linked to the North Korean regime.
The Lazarus Group, operating under the TraderTraitor alias, executed the theft through a sophisticated cyberattack, according to Japan’s National Police Agency. The group has a long history of high-profile cybercrimes, gaining international attention in 2014 for hacking Sony Pictures in retaliation for “The Interview,” a film satirizing North Korean leader Kim Jong Un.
In a separate statement released on Monday, the FBI provided a detailed account of the cyberattack. It revealed that the hackers employed a targeted social engineering scheme, posing as recruiters on LinkedIn to contact an employee at a separate cryptocurrency wallet software company. The hackers sent the employee what appeared to be a pre-employment test, which had malicious code embedded in it. This enabled the attackers to compromise the employee’s system and impersonate them, ultimately gaining unauthorized access to DMM Bitcoin.
“In late May 2024, the actors likely used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the loss of 4,502.9 Bitcoin, valued at $308 million at the time,” the FBI stated.
The stolen cryptocurrency is believed to be part of North Korea’s broader strategy to fund its regime through illicit activities, including cybercrime and cryptocurrency theft. The FBI, along with Japan’s National Police Agency and other international partners, has vowed to continue exposing and combating such activities.
North Korea’s cyber-warfare program has been operational since the mid-1990s and has grown into a formidable force. A 2020 report by the US military identified a 6,000-member cyber-warfare unit, known as Bureau 121, operating from various countries.
The heist underscores the evolving sophistication of cyber threats and the increasing risks to global financial systems. This latest revelation adds to the growing list of accusations against North Korea for leveraging cyberattacks to circumvent international sanctions and generate revenue for its regime. The incident has prompted renewed calls for heightened cybersecurity measures and international cooperation to prevent further exploitation of digital currencies by state-sponsored hackers.
