North Korean hacker group TraderTraitor was most likely behind a cyberattack that caused ¥48.2 billion ($308 million) worth of bitcoin to be leaked from DMM Bitcoin, a Japan-based cryptocurrency exchange, in May, the National Police Agency announced Tuesday.
According to the NPA, the hacker group is believed to have planted a computer virus on the computer of an employee at Ginco — a company that was entrusted with the deposit and withdrawal of DMM Bitcoin’s virtual currency — through a fake job recruitment message sent via LinkedIn.
The malicious Python script that was sent to the employee was able to access Ginco’s system, giving the hacker group access to the company’s unencrypted communications. The group exploited this access to steal DMM Bitcoin customer deposits worth ¥48.2 billion in May, which were ultimately moved to TraderTraitor’s wallet.