FSA Advisory: DMM Crypto Asset Heist
On December 24, 2024, Japanese authorities — the Financial Services Agency, National Police Agency, and NISC — issued an advisory regarding a crypto asset heist of over $300 million at DMM Bitcoin. The attack was carried out by threat actors linked to North Korea. The advisory details how the attackers combined social engineering with technical exploitation to carry out the theft.
This blog post highlights key findings from the advisory, focusing on the attack methods and defensive measures recommended by the authorities.
The attackers employed a multi-stage approach that began with social engineering. Targets included individuals working in businesses related to crypto assets, both within and outside Japan. The attackers initiated contact by impersonating corporate executives and others on social media. Targets were approached using messages tailored to their professional background, for instance, asking software engineers for programming help or mentorship.
The attackers would often request moving conversations to different social media platforms or messaging apps. The advisory noted this was likely to take advantage of services where sent messages could be deleted from the target's chat history.
