The Japanese government announced on Tuesday that a Bitcoin fraud incident, which occurred in May and involved a theft of approximately 48 billion yen (443.7 billion won), was orchestrated by a North Korean hacker group.
The Japanese Metropolitan Police Department and National Police Agency revealed that the hacker group "Trader Trader," a subsidiary of North Korea’s Lazarus Group, was responsible for stealing cryptocurrency from Japan's DMM Bitcoin exchange. Despite discovering the involvement of a North Korean hacker group with the help of the U.S. Department of Defense and the FBI, the Japanese authorities could not identify the individual suspects behind the attack.
According to Japanese police, the hacker sent a fake job transfer message to a DMM Bitcoin-related company employee in March, posing as a headhunter. This trick enabled the hacker to plant malware on the employee's computer, which led to the leak of cryptocurrency in May. In response to the fraud, DMM Bitcoin transferred customer accounts and assets to another operator and shut down its platform.
In its annual report released in March, the UN Security Council’s North Korea Sanctions Committee estimated that North Korea had stolen approximately $3 billion from cyberattacks on virtual asset companies between 2017 and 2023. The Nihon Keizai Shimbun reported that cyberattacks account for nearly half of North Korea's foreign currency income.
In light of these events, the Japanese National Police Agency issued a warning, urging caution as North Korean hackers use "targeted social engineering" techniques that exploit human vulnerabilities to extract information. On the same day, Japan’s Financial Services Agency called for major virtual currency exchanges to review their security systems to ensure they are adequately prepared for potential North Korean cyberattacks.
도쿄=이상훈 특파원 sanghun@donga.com