Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
Editorials & Other Articles
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Crypto klepto North Korea stole $659M over just 5 heists last year
North Korean blockchain bandits stole more than half a billion dollars in cryptocurrency in 2024 alone, the US, Japan, and South Korea say.
The sum of stolen assets totaled a little more than $659 million across five major incidents, although just two contributed a large portion of that.
The BitcoinDMM crypto exchange was raided for $308 million in May 2024 – the biggest haul of the five heists - by a group tracked by law enforcement agencies as TraderTraitor.
To pull it off, the North Korean attackers upended their usual playbook of seeking employment at Western organizations and assumed the role of recruiter.
They reached out to a staffer at Japanese enterprise crypto wallet company Ginco in March with a pre-employment test, which turned out to be a malicious Python script. The job seeker uploaded it to their personal GitHub page, which was then compromised.
TraderTraitor exploited stolen session cookies to impersonate the Ginco employee to gain access to the company's unencrypted comms system in May. From there, the group tampered with a transaction request made by a BitcoinDMM worker to forward the stolen funds to North Korean wallets.
The sum of stolen assets totaled a little more than $659 million across five major incidents, although just two contributed a large portion of that.
The BitcoinDMM crypto exchange was raided for $308 million in May 2024 – the biggest haul of the five heists - by a group tracked by law enforcement agencies as TraderTraitor.
To pull it off, the North Korean attackers upended their usual playbook of seeking employment at Western organizations and assumed the role of recruiter.
They reached out to a staffer at Japanese enterprise crypto wallet company Ginco in March with a pre-employment test, which turned out to be a malicious Python script. The job seeker uploaded it to their personal GitHub page, which was then compromised.
TraderTraitor exploited stolen session cookies to impersonate the Ginco employee to gain access to the company's unencrypted comms system in May. From there, the group tampered with a transaction request made by a BitcoinDMM worker to forward the stolen funds to North Korean wallets.
https://www.theregister.com/2025/01/15/north_korea_crypto_heists/