North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin

North Korean hackers, attributed to the TraderTraitor threat activity cluster, stole $308 million worth of Bitcoin from DMM Bitcoin in May 2024. The hackers compromised a Ginco employee through a malicious Python script, gaining access to DMM Bitcoin’s unencrypted communications system and manipulating a transaction request. The stolen funds were moved through intermediary addresses and a Bitcoin CoinJoin Mixing Service before reaching HuiOne Guarantee, an online marketplace linked to the Cambodian conglomerate HuiOne Group.