Tuesday, February 25, 2025
HomePress ReleaseMatch Systems' CEO Andrei Kutin Provides Insight on DMM Bitcoin Breach

Match Systems’ CEO Andrei Kutin Provides Insight on DMM Bitcoin Breach

Published on

SIEM as a Service

Follow Us on Google News

On May 31, 2024, as a result of the hacking 4502.9 BTC (worth approximately $308M) were stolen from the Japanese exchange Bitcoin.DMM.com. The cybersecurity agency Match Systems conducted the current situation of the case.

Japanese cryptocurrency exchange DMM Bitcoin was recently hacked, resulting in the theft of over $300 million dollars in Bitcoins. The hackers were able to access a private key, which allowed them to transfer 4,502.9 bitcoins from the exchange’s main wallet. The incident occurred on May 30, 2024, and DMM Bitcoin announced the hack the following day.

The reasons for the hack of the exchange are still unclear. The attack could have occurred as a result of compromised private keys. The keys of a hot wallet connected to the Internet could have been compromised either through an internal threat or an external hack, which could have allowed hackers to initiate a transfer of funds.

Whether social engineering techniques or malware were used to get exchange employees to sign a transaction authorizing the transfer of funds to their wallets, we have yet to learn.

An insider attack scenario cannot be ruled out, in which someone with legitimate access to the system contributed to the hack by giving the hackers the necessary data or initiating the attack.

The investigation revealed that the hackers used cryptocurrency mixer JoinMarket to launder the stolen funds. More than 2,000 BTC was sent to addresses associated with JoinMarket, while the remaining 2,500 BTC remained at the hackers’ original addresses. The Match Systems team was able to identify the first large withdrawal from the mixer in the amount of 223.38 BTC, as well as more than 50 withdrawals over 10 BTC that may be relevant to this case.

The full cycle of money laundering can take months to a year, and Match Systems will continue to monitor the movement of stolen funds, as well as looking into the cause of the attack.

About Match Systems

Match Systems, is a leading company specializing in AML services, blockchain investigations, and implementation of compliance procedures for cryptocurrency projects around the world. By leveraging advanced technology and expertise in financial crime detection, the company is poised to help organizations to navigate the complex regulatory landscape as well as minimize the risks associated with digital currencies.

Contact

Joseph
Match Systems
mediacoverage@matchsystems.com

Kaaviya
Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.

Latest articles

Google Issues Warning on Phishing Campaigns Targeting Higher Education Institutions

Google, in collaboration with its Mandiant Threat Intelligence team, has issued a warning about...

TgToxic Android Malware Updated it’s Features to Steal Login Credentials

The TgToxic Android malware, initially discovered in July 2022, has undergone significant updates, enhancing...

Hackers Exploiting Cisco Small Business Routers RCE Vulnerability Deploying Webshell

A critical remote code execution (RCE) vulnerability, CVE-2023-20118, affecting Cisco Small Business Routers, has...

Malicious npm Package Targets Developers for Supply Chain Attack

The Socket Research Team has uncovered a malicious npm package@ton-wallet/create designed to steal sensitive...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

INE Secures Spot Top 50 Education Software Rankings 2025 in G2’s

INE, the leading provider of networking and cybersecurity training and certifications, today announced its...

INE Security Elevating Tech Careers with Cybersecurity Training

2025 marks a time of unprecedented volatility in the technology job market. On one...

Intruder Expands ‘Intel’ Vulnerability Intelligence Platform with AI-Generated CVE Descriptions

Intel by Intruder now uses AI to contextualize NVD descriptions, helping security teams assess...