DMM Bitcoin hack
About $305M (4,502.9 BTC) was stolen from the Japanese exchange DMM Bitcoin in May 2024. The FBI, DC3, and Japan's NPA attributed it to North Korea's TraderTraitor, which used a fake-recruiter lure to compromise an employee at wallet vendor Ginco. DMM later wound down.
Also known as: DMM Bitcoin, Bitcoin.DMM.com
Summary
In May 2024, the Japan-based exchange DMM Bitcoin lost 4,502.9 BTC (about $305 million at the time) in an "unauthorized leak." It was then the largest crypto theft since FTX and the second-largest in Japan after Coincheck. DMM pledged to make customers whole with group-company support and later announced it would wind down. [1][2]
Attribution and method
In December 2024 the FBI, the DoD Cyber Crime Center, and Japan's National Police Agency attributed the theft to North Korea's TraderTraitor. According to the agencies, a threat actor posing as a recruiter on LinkedIn sent a malicious "pre-employment test" to an employee at Ginco, a Japanese wallet-software vendor; the attackers then used stolen session data to manipulate a legitimate DMM transaction and divert the funds. [1][3]
Bracketed numbers refer to the numbered sources listed below.
Linked scams & cases
People & entities involved
- Lazarus Group (Attributed actor; Organizations & groups): The most widely used name for North Korea's state-sponsored hacking apparatus, run under its Reconnaissance General Bureau. Blamed for the Sony hack, the Bangladesh Bank SWIFT heist, WannaCry, and, since ~2017, many of the largest crypto thefts ever. Chainalysis puts DPRK's cumulative crypto haul near $6.75B, used to fund the regime's weapons programs.
- TraderTraitor (Attributed actor; Organizations & groups): A North Korea-linked threat cluster (part of the Lazarus umbrella) that the FBI blames for several of the largest exchange thefts, including Bybit ($1.5B), DMM Bitcoin ($305M), and the Ronin/Axie bridge. It favors social-engineering of employees and supply-chain compromises.
Sources (3)
See also
- Loci (LOCIcoin) (Tokens): A 2017–2018 ICO for 'LOCIcoin' tied to the InnVenn IP-search platform. The SEC charged Loci and CEO John Wise with fraud for raising $7.6M on false claims about revenue, headcount, and user base; Wise also misused investor funds. Settled with a $7.6M penalty and an officer/director bar.
- Blockchain Terminal (BCT) (Tokens): A 2017–2018 ICO (BCT tokens, ~$30M) for a 'Blockchain Terminal', a Bloomberg-style crypto trading terminal. The SEC and DOJ said convicted ex-hedge-funder Boaz Manor secretly ran it under a fake identity ('Shaun MacDonald'), using associate Edith Pardo as a front, and lied about the product's adoption.
- Crowd Machine (CMCT) (Tokens)
This page was last updated on Jun 8, 2026.