DMM Bitcoin: Inside the $304 Million Crypto Heist
DMM Bitcoin: Comprehensive Analysis of the $304 Million Crypto Heist, Security Vulnerabilities, and the Ongoing Pursuit for Recovery and Accountability
TL;DR
DMM Bitcoin was hacked for over $304 million, marking one of the largest crypto thefts in history. The exchange has pledged to reimburse users and launched a bounty program to identify the perpetrators. The breach involved 4,502.9 BTC being siphoned from a hot wallet, with investigation into the attack's methods ongoing.
DMM Bitcoin, a centralized cryptocurrency exchange in Japan, has fallen victim to a massive hack, losing over $304 million in Bitcoin. This incident marks the most significant crypto theft since December 2022 and stands among the largest in history.
The breach was first identified by Whale Alert, which noted a transfer of 4,502 BTC from an unidentified wallet to a new, unknown destination.
🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 4,502 #BTC (308,948,771 USD) transferred from unknown wallet to unknown new wallet
whale-alert.io/transaction/bi…
Whale Alert (@whale_alert), 4:14 AM • May 31, 2024
Shortly afterward, DMM Bitcoin confirmed that the funds had been illicitly siphoned from their wallet.
The exchange has disclosed that an investigation is underway and measures are being implemented to prevent future breaches. However, DMM Bitcoin has withheld specific details regarding how the hack was executed.
In response to the incident, DMM Bitcoin has assured its users that all Bitcoin deposits are guaranteed. Nevertheless, the exchange has temporarily suspended spot trading buy orders, leveraged position openings, and new account screenings.
This hack ranks as the third-largest cryptocurrency theft in Japan's history, following the 2018 Coincheck breach where over $530 million in XEM was stolen. Japan also witnessed the infamous collapse of the Mt. Gox exchange in 2014, during which more than 809,000 BTC were stolen across multiple incidents.
Whether or not the stolen $304 million from DMM Bitcoin is eventually recovered, this substantial hack is certain to feature prominently on Rekt's notorious leaderboard.
At approximately 1:30 pm JST, DMM Bitcoin detected a significant breach, with 4,502.9 BTC being siphoned from their hot wallet. An official announcement was made on their website, although the exchange has remained silent on Twitter.
Security firm Beosin has suggested two potential methods for the attack. The first is a traditional exchange attack, where either the signature service of DMM Bitcoin was compromised or the multi-signature private key was breached. In this scenario, the attacker used a historically similar transfer address to avoid detection.
There are two possible methods of attack:
1. A traditional exchange attack. The signature service of DMM Bitcoin is attacked or the multi-sig private key is compromised. Then the attacker used a similar historical transfer address to receive funds to avoid detection and alert.
Beosin Alert (@BeosinAlert), 4:08 PM • May 31, 2024
The second possibility involves an address spoofing scam. Here, the exchange wallet controller might have only verified the first five and the last two digits of the receiving address, inadvertently transferring the funds to the hacker's address.
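The partial-match failure described above, as an added example (not code from DMM Bitcoin, Beosin or this post): a pre-signing check that compares the full destination string against an allowlist and flags any address that matches an approved one only on its first five and last two characters. The addresses, labels and function names are constructed for illustration.

```python
# Added example. Addresses and labels are constructed placeholders,
# not real on-chain values.
PREFIX_LEN, SUFFIX_LEN = 5, 2   # the partial check described in the text

GENUINE = "1AbcdEXAMPLEgenuineDESTxZ9"    # constructed: approved destination
SPOOFED = "1AbcdEXAMPLEspoofedDESTxZ9"    # constructed: same ends, other middle
UNKNOWN = "3QrstEXAMPLEunrelatedDESTk7"   # constructed: no resemblance

ALLOWLIST = {GENUINE: "treasury-cold-01"}  # hypothetical approved destinations


def partial_match(a: str, b: str) -> bool:
    """The weak check: only the first five and last two characters."""
    return a[:PREFIX_LEN] == b[:PREFIX_LEN] and a[-SUFFIX_LEN:] == b[-SUFFIX_LEN:]


def first_difference(a: str, b: str):
    """Index of the first differing character, or None if identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


def check_destination(dest: str, allowlist: dict) -> dict:
    """Decide on a withdrawal destination before it reaches the signer."""
    # Exact, case-sensitive comparison of the whole string (Base58 is
    # case-sensitive, so no normalisation is applied).
    if dest in allowlist:
        return {"verdict": "ALLOW", "label": allowlist[dest]}
    # Not approved: does it imitate an approved address at both ends?
    for addr, label in allowlist.items():
        if partial_match(dest, addr):
            return {"verdict": "BLOCK_LOOKALIKE", "imitates": label,
                    "differs_at": first_difference(dest, addr)}
    return {"verdict": "BLOCK_UNKNOWN"}


if __name__ == "__main__":
    for d in (GENUINE, SPOOFED, UNKNOWN):
        print(d, check_destination(d, ALLOWLIST))
```

The spoofed address passes `partial_match` but is rejected by the full-string comparison, and the look-alike verdict gives an alerting hook that a plain "unknown address" rejection would not.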
Details of the attack transaction have been recorded as follows:
Attack Transaction ID:
Exploiter Address:
Destination Addresses:
In light of this breach, Arkham Intel has announced a bounty to identify the perpetrators. The guidelines include identifying a KYC (Know Your Customer) centralized exchange deposit, revealing the identity of the exploiter, and successfully recovering the stolen funds.
With the hacker's transactions being meticulously tracked, there is hope that blockchain forensics and the bounty program might lead to their identification and the recovery of the $304 million.
In what could become one of the biggest heists in the cryptocurrency industry, the recent hack of DMM Bitcoin underscores the age-old warning: "Not your keys, not your crypto."
Despite DMM's commitment to reimbursing customers, replenishing the colossal amount of stolen Bitcoin will be a formidable and costly endeavor. The introduction of a bounty program on Arkham Intel might aid in recovering the funds or identifying the culprits. However, the complex web of tainted coins dispersed across multiple addresses presents a formidable challenge.
On-chain analysts have successfully unraveled some historical hacks, but tracing this intricate trail could resemble navigating a Byzantine blockchain maze. The entire crypto community is watching to see if the bounty hunters can crack the case and avert what might otherwise solidify DMM Bitcoin's infamy as the biggest crypto heist of 2024.
The precise method of the attack remains unclear. Whether it was an address spoofing scam, a private key compromise, or even an inside job is yet to be determined. Storing such a significant amount of funds in a hot wallet, rather than a cold wallet, is widely considered reckless and has contributed to this disastrous breach.
As the investigation unfolds, the crucial question remains: will the hackers slip into crypto infamy with their $304 million haul, leaving a lasting scar on the industry's reputation?