The Federal Bureau of Investigation (FBI) is publicly blaming North Korean government hackers for a $308 million cryptocurrency heist from Bitcoin.DMM.com earlier this year.
A brief statement from the FBI said it worked with Japan’s National Police Agency (NPA) to trace the theft of 4,502.9 BTC to “TraderTraitor,” a known Pyongyang hacking team that targets cryptocurrency banks and exchanges.
The operation, described as a sophisticated mix of social engineering and technical exploitation, began in March 2024 when a North Korean hacker, posing as a recruiter on LinkedIn, targeted an employee at Ginco, a Japan-based cryptocurrency wallet software company.
The FBI said the target, who had critical access to Ginco’s wallet management systems, was tricked into downloading a malicious Python script under the guise of a pre-employment test hosted on GitHub.
“The victim copied the Python code to their personal GitHub page and was subsequently compromised,” the FBI said.
Two months later, the TraderTraitor hackers used session cookie data to impersonate the compromised Ginco employee, granting them unauthorized access to Ginco’s unencrypted communication system.
By late May, the law enforcement agencies said TraderTraitor operatives had manipulated a legitimate transaction request from a DMM employee to swipe 4,502.9 BTC, valued at $308 million at the time.
The stolen money was funneled to cryptocurrency wallets controlled by the North Korean hacking team.
The Bitcoin.DMM hack is the latest in a series of multimillion-dollar cryptocurrency hacks attributed to North Korean government hackers. Earlier this year, the FBI revealed that TraderTraitor-linked actors had stolen $60 million from Alphapo, $37 million from CoinsPaid, and $100 million from Atomic Wallet.
These incidents follow previous high-profile attacks on blockchain bridges like Harmony’s Horizon and Sky Mavis’ Ronin, both linked to the notorious Lazarus Group, of which TraderTraitor is believed to be a faction.
According to fresh data from Chainalysis, cryptocurrency criminal activity surged in 2024, marking the fifth year in the past decade where losses exceeded $1 billion, with $2.2 billion stolen — a 20% year-over-year increase.