Author: Admin | 2025-04-28
Recent years — may have altered its cybercriminal activity as well.

The decline in funds stolen by the DPRK after July 1, 2024 is clear and the timing is conspicuous, but it is nevertheless important to note that this decline is not necessarily associated with Putin’s visit to Pyongyang. Additionally, a few events in December could alter the pattern by the end of the year, and attackers often strike over holidays.

Case study: The DPRK’s DMM Bitcoin exploit

One notable example of a North Korea-affiliated hack in 2024 involved the Japanese cryptocurrency exchange DMM Bitcoin, which suffered a security breach resulting in the loss of approximately 4,502.9 Bitcoin, valued at $305 million at the time. The attackers targeted vulnerabilities in infrastructure used by DMM, leading to unauthorized withdrawals. In response, DMM fully covered customer deposits by sourcing equivalent funds with the support of group companies.

We were able to analyze the flow of funds on-chain after the initial attack, which we’ve broken down into two Chainalysis Reactor graphs below. In the first phase, we see that the attacker moved millions of dollars’ worth of crypto from DMM Bitcoin to several intermediary addresses before eventually reaching a Bitcoin CoinJoin Mixing Service.

After successfully mixing the stolen funds using the Bitcoin CoinJoin Mixing Service, the attackers moved a portion of the funds through a number of bridging services, and finally to Huione Guarantee, an online marketplace tied to the Cambodian conglomerate Huione Group, which was previously exposed as a significant player in facilitating cybercrimes.

The scale of the breach and the subsequent operational challenges led DMM to decide to shut down the exchange in December 2024. DMM Bitcoin transferred its assets and customer accounts to SBI VC Trade, a subsidiary of the Japanese financial conglomerate SBI Group, with the transition set to be finalized by March 2025.

Fortunately, emerging