LinkedIn job scam leads to $308M crypto heist: FBI report

A fresh report released by the Federal Bureau of Investigation (FBI) reveals that North Korean cyber actors stole $308 million in Bitcoin from Japan-based crypto firm DMM in May 2024.

The attackers are being tracked as “TraderTraitor” who initiated the attack by posing as a recruiter on LinkedIn. The investigation is conducted by the FBI with the National Police Agency of Japan and the US Department of Defense.

DMM Bitcoin has already announced that it will go out of business after adjourning some of its services after the major theft. However, the crypto industry lost around $1.5 billion to hackers in 2024. This is a drop of 17% from last year. The hack of $235 million from India’s WazirX is one of the big hits in the list.

From LinkedIn to $308M theft

According to the report, the $308 million Bitcoin breach originated at Ginco, a crypto wallet company. A TraderTraitor attacker posed as a LinkedIn recruiter, sending out a malicious Python script to an employee as part of a “pre-employment test.”

Once the script was executed, the hackers technically gained unauthorized access to Ginco’s systems. It was by mid-May that they exploited session cookies to impersonate the compromised employee. This helped them to infiltrate Ginco’s communications network.

It added that by late May, TraderTraitor hackers manipulated a transaction that was requested by a DMM employee. This is how they successfully exfiltrated 4,502.9 Bitcoin (approx. worth $308 million). After this, the funds were moved to wallets controlled by the group.

Bitcoin price recorded a major correction lately. BTC price dropped straight to the $94,000 level from over $100,000. It is now down by 12.5% in the last 7 days. Bitcoin is trading at an average price of $94,321, at press time. Its 24-hour trading volume is up by 14% to stand at $57 billion.

FBI, Japan busting scams

Japan’s Financial Services Agency has already ordered the exchange to improve its operations in September citing the risk management structure. Reports suggest that no users suffered financial damage as the exchange managed to get 55 billion yen (approx. worth $350 million) from a group firm to cover the lost assets.

The FBI, Japan’s NPA, and the DoD Cyber Crime Center are coordinating efforts to counter North Korea’s illicit activities, which use cybercrime to fund its regime, it added.

The FBI report noted that such operations are also known as Jade Sleet and Slow Pisces. These activities highlight the risks of targeted social engineering. It mentioned that in such cases TraderTraitor frequently directs simultaneous attacks at multiple employees within organizations.

The crypto sector faced $1.49 billion in losses due to hacks and fraud in 2024, a 17% drop from 2023. Hacks accounted for $1.47 billion, with fraud representing just $28 million. Key incidents included DMM Bitcoin’s $305M breach and WazirX‘s $235M hack, which together made up 36% of total losses. The decline in losses reflects better security, with successful attacks down 27.5%.

Land a High-Paying Web3 Job in 90 Days: The Ultimate Roadmap