Friday, December 6, 2024
HomePress ReleaseMatch Systems' CEO Andrei Kutin Provides Insight on DMM Bitcoin Breach

Match Systems’ CEO Andrei Kutin Provides Insight on DMM Bitcoin Breach

Published on

SIEM as a Service

On May 31, 2024, as a result of the hacking 4502.9 BTC (worth approximately $308M) were stolen from the Japanese exchange Bitcoin.DMM.com. The cybersecurity agency Match Systems conducted the current situation of the case.

Japanese cryptocurrency exchange DMM Bitcoin was recently hacked, resulting in the theft of over $300 million dollars in Bitcoins. The hackers were able to access a private key, which allowed them to transfer 4,502.9 bitcoins from the exchange’s main wallet. The incident occurred on May 30, 2024, and DMM Bitcoin announced the hack the following day.

The reasons for the hack of the exchange are still unclear. The attack could have occurred as a result of compromised private keys. The keys of a hot wallet connected to the Internet could have been compromised either through an internal threat or an external hack, which could have allowed hackers to initiate a transfer of funds.

- Advertisement - SIEM as a Service

Whether social engineering techniques or malware were used to get exchange employees to sign a transaction authorizing the transfer of funds to their wallets, we have yet to learn.

An insider attack scenario cannot be ruled out, in which someone with legitimate access to the system contributed to the hack by giving the hackers the necessary data or initiating the attack.

The investigation revealed that the hackers used cryptocurrency mixer JoinMarket to launder the stolen funds. More than 2,000 BTC was sent to addresses associated with JoinMarket, while the remaining 2,500 BTC remained at the hackers’ original addresses. The Match Systems team was able to identify the first large withdrawal from the mixer in the amount of 223.38 BTC, as well as more than 50 withdrawals over 10 BTC that may be relevant to this case.

The full cycle of money laundering can take months to a year, and Match Systems will continue to monitor the movement of stolen funds, as well as looking into the cause of the attack.

About Match Systems

Match Systems, is a leading company specializing in AML services, blockchain investigations, and implementation of compliance procedures for cryptocurrency projects around the world. By leveraging advanced technology and expertise in financial crime detection, the company is poised to help organizations to navigate the complex regulatory landscape as well as minimize the risks associated with digital currencies.

Contact

Joseph
Match Systems
mediacoverage@matchsystems.com

Kaaviya
Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.

Latest articles

One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024

One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine’s...

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

With Sweet, customers can now unify detection and response for applications, workloads, and cloud...

Philippine Entrepreneur Combines Blockchain Innovation with Environmental Conservation through Ora Coin Foundation

Cebu-based entrepreneur Brian Christopher Aguilar has emerged as a notable figure in the cryptocurrency...

Halo Security Launches Slack Integration for Real-Time Alerts on New Assets and Vulnerabilities

Halo Security, a leader in external attack surface management and penetration testing, has announced...