DMM Bitcoin Ceases Operations Following $300 Million Cyberattack, Attributed to Lazarus Group
DMM Bitcoin, a leading Japanese cryptocurrency exchange, has announced its impending closure following a major cybersecurity incident. The exchange fell victim to a sophisticated cyberattack on May 31st, 2024, resulting in the unauthorized transfer of 4,502.9 Bitcoins, valued at approximately $308 million at the time of the breach (currently exceeding $429 million).
Following the incident, DMM Bitcoin implemented restrictions on withdrawals and cryptocurrency purchases to mitigate further losses. However, these measures have ultimately proven unsustainable, with the company citing a detrimental impact on customer service quality. Consequently, DMM Bitcoin has initiated a process to transfer all client accounts and assets to SBI VC Trade, a subsidiary of the Japanese financial conglomerate SBI Group. The transfer, scheduled for completion by March 2025, follows a formal agreement signed between the two entities on November 29th, 2024.
Despite securing emergency loans totaling 55 billion yen ($367 million) to offset the financial losses, DMM Bitcoin has faced intense scrutiny from regulators. An investigation conducted by Japan’s Financial Services Agency (FSA) revealed critical deficiencies in the company’s risk management framework, including a lack of independent audits and the concentration of key security functions within a limited number of personnel. Furthermore, the FSA identified violations of cryptocurrency transaction regulations, notably the absence of essential logs crucial for investigating the theft.
Blockchain security experts, analyzing the flow of stolen funds, have observed their rapid dispersal across multiple wallets and partial laundering through questionable platforms, including Huione Guarantee, an entity with suspected links to organized crime. The attack methodology and subsequent laundering patterns strongly suggest the involvement of the Lazarus Group, a North Korean state-sponsored cybercrime organization with a history of orchestrating high-profile, multi-million dollar cyber heists.
This incident represents one of the most significant cryptocurrency thefts of 2024, contributing to the alarming trend of escalating cybercrime within the digital asset sector. Losses from crypto-related attacks reached $1.6 billion in the first half of 2024 alone, nearly double the amount reported during the same period in 2023.
