Stratos Ally

North Korean Hackers Target Crypto Exchanges: The $308 Million Heist  

StratosAlly

It is a game of cat and mouse in which the stakes are high and the players are anything but naive. It was a brazen theft, so audacious that even the best thriller writers might hesitate to put it on the page. That is exactly what a group of highly skilled North Korean hackers from the much-feared Lazarus Group pulled off in what might as well be called the “heist of the century”: the theft of as much as 4,500 bitcoins, worth around $308 million, from Japan’s DMM Bitcoin exchange in May 2024.

This elaborate caper started innocently enough with a LinkedIn connection. In March, a Lazarus-linked hacker posed as a recruiter on LinkedIn, targeting an employee at Ginco, a firm managing DMM Bitcoin’s wallets. The hacker sent the victim a malicious Python script, disguised as a pre-employment test, via a GitHub link. The unsuspecting employee copied the code, granting the hackers entry into Ginco’s systems.

Picture this: a friendly neighbor hands you a locked treasure chest, promising the key is inside. Trusting them, you open it, only to discover you have just handed them the keys to your house. That is exactly how the hackers exploited the trust of a skilled professional.  

Once inside, the hackers waited patiently until May. They then used stolen session cookies to impersonate the compromised employee, gaining access to unencrypted communications. Manipulating a legitimate transaction, they diverted 4,502.9 bitcoins to wallets controlled by TraderTraitor, an arm of Lazarus.  

Investigators linked the heist to North Korea, where cryptocurrency theft funds state operations. The FBI and Japan’s National Police Agency have vowed to continue combating such cybercrimes.  

This is not the first time Lazarus Group has pulled off a heist. They have got quite a rap sheet. In 2022, they stole a whopping $615 million from Ronin Network. Then, earlier this year, they made off with $234.9 million from WazirX. These big-time thefts have made them the top bad guys in the crypto world. 
