Dec. 24 (UPI) — Japan’s National Police Agency said on Tuesday that the hacker group TraderTraitor, which is based in North Korea, is likely responsible for a May hack that allowed $308 million in Bitcoin to be taken from a Japanese cryptocurrency exchange.
The leak from DMM Bitcoin was caused by a computer virus planted on an employee at a company that made deposits and withdrawals of DMM Bitcoin virtual currency. The virus got into the system through a phony job recruitment note sent through LinkedIn, police said.
The malicious Python virus was sent to the employee at Ginco, gaining access to its system when they opened it, allowing the hacker group to gain access to the company’s unencrypted communications.
Authorities said from there, hackers were able to eventually access and steal DMM Bitcoin customer deposits, which were all moved to TraderTraitor’s wallet. The NPA was able to track down the digital trail with the help of the FBI and U.S. Defense Department’s Cyber Crime Center.
TraderTraitor is believed to be a division of the Lazarus Group, a hacking group thought to be an arm of the North Korean government.
The theft, which included $4,502.9 Bitcoin is forcing the exchange to close its doors. Since May, the exchange had limped along, operating with only limited services. When it shuts down in March, it will transfer its accounts and access to the platform SBI VC Trader.