DMM Bitcoin outflow incident detailed analysis (2024-05): 4,502.9 BTC attributed to Lazarus
1. Incident overview
On the evening of 2024-05-31, 4,502.9 BTC (equivalent to approx. 48.2 billion yen) was illicitly drained from DMM Bitcoin. At the time, it was the largest domestic outflow incident after the Coincheck NEM incident (2018, 58 billion yen). In 2024-12, a joint statement by the FBI, the National Police Agency and DC3 (the US Department of Defense Cyber Crime Center) attributed it to TraderTraitor (a unit under North Korea's Lazarus).
2. Technical cause (within publicly available information)
- The presumed path was a social-engineering attack via a contractor / outsourced-vendor system
- An operational error in the hot-key management process was a contributing factor
- The detailed intrusion path is undisclosed as the investigation continues
- Segregated management of customer assets was functioning; the outflow was limited to the company’s own assets (per DMM’s claim)
3. Emergency response + protection of customer assets
- 2024-05-31 Halted all crypto-asset trading
- 2024-06-05 DMM Bitcoin raised funds from its own group and procured, in the market, BTC equivalent to the customer-asset portion to safeguard it
- 2024-09 The FSA issued a business-improvement order
- 2024-12-01 Full service suspension + announcement of business closure
- 2025-03-08 Transfer of customer assets / accounts to SBI VC Trade completed; the DMM Bitcoin legal entity dissolved
4. Attribution confirmation (Lazarus / TraderTraitor)
- 2024-12-23 A joint statement by the FBI, the National Police Agency and DC3 formally attributed it as "carried out by TraderTraitor (under Lazarus)"
- As a North Korea state-linked crypto-asset theft, it was among the largest in scale for 2024
- In coordination with forensic vendors such as Chainalysis, fund-flow tracing continues
- Blocking off-ramping via mixers is a challenge
5. Institutional significance
- The business-closure + transfer-to-competitor model: this is the third pattern (Coincheck 2018 = absorbed by becoming a subsidiary; FTX Japan 2023 = survived through segregated management + 100% returns; DMM 2024 = closure + transfer)
- Highlighted contractor / outsourcing risk (an argument running parallel to the EU CTPP / DORA)
- Concrete domestic evidence of the global Lazarus threat
- Regulatory revision underway (strengthening outsourcing management toward 2026)
Related
- jp-exchange-dmm-bitcoin
- jp-exchange-sbi-vc-trade
- jp-vasp-incident-history
- coincheck-nem-hack-detailed-analysis (comparison)
- fsa-business-improvement-orders-history
- jp-vasp-ma-consolidation-history
- forensic identity anchor chain
- bytecode forensic 3-tier verify
- Bybit Lazarus Hack Detailed Analysis
- Global crypto-asset forensics-vendor layer — Chainalysis / Elliptic / TRM / Crystal comparison
Source: compilation of public information (DMM Bitcoin / SBI VC Trade IR disclosures, FSA business-improvement order, National Police Agency (NPA) announcements, Chainalysis / Elliptic public traces, Lazarus-group tracking reports)