According to reports released on Thursday, North Korean hackers have been identified as the perpetrators behind the theft of approximately $380 million worth of 4,500 bitcoins from the Japanese exchange DMM Bitcoin in late May.
Radio Free Asia (RFA) reported that the FBI, in collaboration with the Department of Defense Cyber Crime Center (DC3) and the Japanese National Police Agency, investigated the details and issued a public warning about the incident on Monday.
The FBI and Japanese law enforcement investigation revealed that Trader Traitor’s hacker group has ties to the North Korean government and operates under aliases such as Lazarus, UNC4899, and Slow Pisces.
According to their investigation, the North Korean hackers employed social engineering techniques to execute the cryptocurrency theft.
This technique involves building trust with potential targets, particularly those naturally suspicious or highly security-conscious, before launching their attack.
In late March, the North Korean hackers disguised themselves as recruiters on LinkedIn. They approached an employee of Ginco, a Japanese cryptocurrency wallet software company, and delivered malware disguised as a “code review.” This was a preparatory step for infiltrating Ginco’s systems.
The employee uploaded the malicious code to GitHub, a popular source code-sharing platform, which infected and damaged Ginco’s systems. After mid-May, the North Korean hackers exploited the damaged system to access Ginco’s network and extorted funds, which were then transferred to cryptocurrency wallets under their control.
In a joint statement, the FBI and Japanese police emphasized that the U.S. government, along with its international partners, will persist in exposing and disrupting North Korea’s efforts to generate profits for its regime through illegal activities, such as cybercrime and cryptocurrency theft.
However, DMM Bitcoin suspended account registrations, cryptocurrency withdrawals, and trading functions after the attack. Despite ongoing investigations and recovery efforts, the company declared its closure in December after concluding that normal operations were no longer feasible due to substantial financial losses and erosion of customer trust. Customer accounts and assets were transferred to another company to safeguard customer interests.
Meanwhile, according to the 2025 Crypto Crime Report released on December 19 by Chainalysis, a private U.S. company specializing in cryptocurrency and virtual asset analysis, the amount of cryptocurrency stolen by North Korean hackers is expected to more than double from $660.5 million in 2023 to $1.34 billion in 2024.
The funds obtained through these cryptocurrency crimes by hacker groups linked to the North Korean government are believed to be primarily funneled into the country’s nuclear weapons enhancement and ballistic missile program development. This growing trend poses an increasingly serious threat to international security and stability.
Most Commented