FBI, DC3, and NPA Identification of North Korean Cyber Actors, Tracked as TraderTraitor, Responsible for Theft of $308 Million USD from Bitcoin.DMM.com

FBI, DC3, and NPA Identification of North Korean Cyber Actors, Tracked as TraderTraitor, Responsible for Theft of $308 Million USD from Bitcoin.DMM.com — FBI An official website of the United States government. Here's how you know Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites. FBI, DC3, and NPA Identification of North Korean Cyber Actors, Tracked as TraderTraitor, Responsible for Theft of $308 Million USD from Bitcoin.DMM.com News Stories News Blog Press Releases Podcasts Videos Speeches and Testimony Photos Social Media Apps Washington, D.C. FBI National Press Office (202) 324-3691 Share on X X.com Share on Facebook Facebook Email Email December 23, 2024 FBI, DC3, and NPA Identification of North Korean Cyber Actors, Tracked as TraderTraitor, Responsible for Theft of $308 Million USD from Bitcoin.DMM.com The Federal Bureau of Investigation, Department of Defense Cyber Crime Center, and National Police Agency of Japan are alerting the public to the theft of cryptocurrency worth $308 million U.S. dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors in May 2024. The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces. TraderTraitor activity is often characterized by targeted social engineering directed at multiple employees of the same company simultaneously. In late March 2024, a North Korean cyber actor, masquerading as a recruiter on LinkedIn, contacted an employee at Ginco, a Japan-based enterprise cryptocurrency wallet software company. The threat actor sent the target, who maintained access to Ginco’s wallet management system, a URL linked to a malicious Python script under the guise of a pre-employment test located on a GitHub page. The victim copied the Python code to their personal GitHub page and was subsequently compromised. After mid-May 2024, TraderTraitor actors exploited session cookie information to impersonate the compromised employee and successfully gained access to Ginco’s unencrypted communications system. In late-May 2024, the actors likely used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the loss of 4,502.9 BTC, worth $308 million at the time of the attack. The stolen funds ultimately moved to TraderTraitor-controlled wallets. The FBI, National Police Agency of Japan, and other U.S. government and international partners will continue to expose and combat North Korea’s use of illicit activities—including cybercrime and cryptocurrency theft—to generate revenue for the regime. Most Wanted Ten Most Wanted Fugitives Terrorism Kidnappings / Missing Persons Seeking Information Bank Robbers ECAP ViCAP FBI Jobs Submit a Tip Crime Statistics History FOIPA Scams & Safety FBI Kids News Stories Videos Press Releases Speeches and Testimony Podcasts and Radio Photos Español Apps How We Can Help You Law Enforcement Victims Parents and Caregivers Students Businesses Safety Resources Need an FBI Service or More Information? What We Investigate Terrorism Counterintelligence Cyber Crime Public Corruption Civil Rights Organized Crime White-Collar Crime Violent Crime WMD About Mission & Priorities Leadership & Structure Partnerships Community Outreach FAQs Contact Us Field Offices FBI Headquarters Visit the FBI Experience Overseas Offices Additional Resources Accessibility eRulemaking Freedom of Information / Privacy Act Legal Notices Legal Policies & Disclaimers Privacy Policy USA.gov White House No FEAR Act Equal Opportunity fbi federal bureau of investigation FBI.gov Contact Center Email updates Accessibility eRulemaking Freedom of Information / Privacy Act Legal Notices Legal Policies & Disclaimers Privacy Policy USA.gov White House No FEAR Act Equal Opportunity FBI.gov is an official site of the U.S. Department of Justice © Search FBI Submit Search Home Most Wanted News What We Investigate How We Investigate How We Can Help You Submit a Tip About Contact Us Crime Statistics Photos Video Outreach History FOIA Scams & Safety FBI Kids FBI Jobs email Stay Connected Get FBI email alerts Subscribe No Thanks ×