North Korean Hackers Strike Again: $300 Million Stolen from DMM Exchange

It looks like North Korean hackers are back at it again, and this time they’ve managed to nab a whopping $300 million from the Japanese crypto exchange DMM. This incident has really thrown a spotlight on how exposed these digital currency exchange platforms are to some serious cyber threats. And if you think that’s bad, just wait until you hear how they pulled it off.

The DMM Heist: A Closer Look

Cryptocurrency thefts are becoming more and more common, and the methods these hackers use are getting pretty advanced. The DMM hack is not the first, and I'm sure it won't be the last. Recently, the FBI, DC3, and NPA revealed that malicious actors had successfully executed a heist amounting to over $300 million. They managed to steal 4,502.9 Bitcoin (BTC), which was valued at around $305 million at the time.

How They Did It

According to the FBI, this theft is tied to a North Korea-affiliated group known as TraderTraitor. They employed targeted social engineering tactics aimed at company employees. The hackers pretended to be a recruiter on LinkedIn back in March, getting in touch with an employee from Ginco, a Japanese crypto wallet company. They sent a link that the employee assumed was a pre-employment test on a GitHub page. Little did the employee know that copying that code would ultimately lead to their downfall.

Fast forward to mid-May, and TraderTraitor used the data they obtained to impersonate the employee. They managed to breach Ginco’s communication system, probably to fake a legitimate transaction request from a DMM employee. This resulted in the loss of about $308 million in Bitcoin, which has already been moved to wallets controlled by the TraderTraitor group.

The FBI is working with the NPA and other US and international partners to expose how North Korea is using illicit activities to fund its regime.

The Dark Side of Social Engineering in Crypto

Social engineering, especially in the context of cryptocurrency, is a big deal. It relies more on exploiting people than on technical vulnerabilities. Here are some of the ways it impacts digital currency exchanges:

Phishing Attacks

Phishing is rampant. Hackers send emails or messages that seem to be from trusted sources like executives or technical support, creating a false sense of urgency. This leads unsuspecting employees or users to share login credentials or click on malicious links.

Impersonation Scams

There are always scammers impersonating big names in the crypto industry. They build trust using fake identities on platforms like Twitter or Discord to trick users into transferring funds or falling for bogus investment schemes.

Fake Crypto Exchanges and Websites

There are fake versions of crypto exchanges and wallets popping up all the time. These clone sites capture sensitive data during login attempts, giving scammers access to user accounts.

Emotional Manipulation

Social engineering plays on people's emotions like trust, urgency, or fear. This can lead to revealing sensitive information or authorizing illegitimate transactions.

Targeting Employees

Hackers go after employees of crypto exchanges to bypass security protocols. They may create false emergencies to pressure employees into revealing sensitive information or granting access to the systems.

So, What's Next for Digital Currency Exchanges?

The implications of these hacks are huge. Not just for the targeted exchanges but for the entire crypto industry. The DMM hack is merely one example among many that highlight the dire need for better security.

Crypto Thieves Raked in $2.2 Billion in 2024 Alone

DMM was among the biggest exploits in 2024, but not the only one. On Dec. 19, Chainalysis reported that there were 303 security incidents in 2024, leading to losses of up to $2.2 billion. Web3 cybersecurity firm Cyvers even saw a staggering 1,000% year-over-year increase in incidents in the CeFi sector.

Security Measures for Crypto Trading Exchanges

American crypto exchanges and other digital currency platforms need to buckle down and implement stronger security measures if they want to keep state-sponsored cyber actors at bay. Here are some strategies that could help:

Regulatory Frameworks

The political climate has pushed regulatory bodies to tighten oversight and enforcement. The FSB has started creating a framework aimed at “same activity, same risk, same regulation” spanning multiple jurisdictions.

Collaborations

Exchanges must engage in collaborative partnerships with government and other private entities. Sharing information helps in identifying cyber threats, including ransomware and other forms of cyber financial warfare.

Cybersecurity Measures

American crypto exchanges must ramp up their cybersecurity.

CBDCs and Regulatory Compliance

The growing popularity of CBDCs is also a factor in how well these exchanges can regulate existing crypto assets.

National Security Risks

The national security implications of crypto hacking are huge.

The Long Game for Secure Crypto Exchanges

The DMM hack is a wake-up call. To safeguard against future attacks, digital currency exchanges must up their game. Robust regulatory frameworks, collaborations, and enhanced cybersecurity are absolutely essential if they want to succeed. And let's face it, cyber warfare isn't going to stop anytime soon.
