DMM Bitcoin - Rekt
Centralized Japanese crypto exchange DMM Bitcoin exploited for more than $304 million in Bitcoin, the biggest hack since Dec 2022 and one of the largest crypto hacks ever.
Initially reported by Whale Alert as 4,502 BTC being transferred from an unknown wallet to an unknown new wallet.
DMM confirmed shortly after that the BTC was illegally leaked from their wallet.
DMM has refrained from providing additional details on the apparent hack's execution, stating that they are actively investigating the incident and implementing safeguards to prevent future occurrences.
While assuring all BTC deposits remain guaranteed, the exchange has temporarily halted spot trading buy orders, leveraged position openings, and new account screenings.
The DMM Bitcoin hack appears to be the third-largest cryptocurrency theft in Japan's history, after the 2018 Coincheck hack where over $530 million worth of XEM was stolen.
Japan was also home to the infamous Mt. Gox exchange collapse in 2014.
Over 809,000 BTC were stolen across six hacks during Mt. Gox’s lifetime.
Regardless of whether the $304 million stolen from DMM Bitcoin is recovered, this massive hack is guaranteed to secure a spot on Rekt's infamous leaderboard.
The attack began around 1:30pm JST, when DMM noticed 4,502.9 BTC being leaked from their hot wallet.
They made an announcement on their official site, but maintained radio silence on Twitter so far.
According to Beosin, there are two possible methods of attack:
A traditional exchange attack. The signature service of DMM Bitcoin is attacked or the multi-sig private key is compromised. Then the attacker used a similar historical transfer address to receive funds to avoid detection and alert.
The exchange wallet controller suffered from an address spoofing scam, that is, only the first 5 digits and the last 2 digits of the receiving address were checked during the transfer, resulting in the transfer to the hacker address.
Attack Transaction:
975ec405ac9dc9fa5ab8009d94d6a1fe31dff8a8127ea90d023104e52754e4d7
Exploiter Address:
1B6rJRfjTXwEy36SCs5zofGMmdv2kdZw7P
The exploiter sent the bitcoin to the addresses below:
bc1qegcazuxnp5wxxxamdqvjv345fpve6656vpjln4
bc1qgcv2j80009apvjekph40wagwutfu6l3gcm2fw0
bc1q2u9m2eqy8glvrjeqr5sceqngpad6dnxrtyxlf3
bc1q2tu4dxyvnaquar96mj99yqjanfzgg3fv4gzytd
bc1q7p3atj3v95k4pd7qxnnqlhjwu843ty2hqn9gy0
bc1qr4vnu4f4tl3gwfxt6a5hgt6vuusgsd0j2cnz74
bc1q3ur23g02rq5w0x6y8vek3xradjgs080nzksfje
bc1qrtltlc7zjzj3knde2tqjt7tl2p5l2keh4l2uka
bc1qx6jpnnfjrfcx9ehhdmj7qqyzpyd8pek00trrq7
bc1q7pdecv2raf3x84unxlv9ghtpjfpwlam6dx27xd
Arkham Intel is offering a bounty to help identify the perpetrator(s).
The bounty guidelines are identifying a KYC centralized exchange deposit, revealing the identity of the exploiter and successful effort to return funds.
With the hacker's transactions being closely tracked, will blockchain forensics and the bounty program lead to their unmasking and recovery of the $304 million?
What could go down as one of the biggest heists in our industry, became another prime example of not your keys, not your crypto.
DMM has vowed to make customers whole, but restocking that mountain of bitcoin won't be easy or cheap.
The creation of the bounty program on Arkham Intel could potentially aid in recovering the stolen funds or identifying the perpetrators.
While on-chain sleuths have cracked some historic hacks, this trail of tainted coins spread across multiple addresses could prove a byzantine blockchain maze.
All eyes are glued to see if the bounty hunters can work their magic and resolve this rektoning before it solidifies DMM's legacy as crypto's biggest Rekt of 2024.
The root cause of the attack has yet to be revealed, whether it is an address spoofing incident, private key compromise or even an inside job, remains to be seen.
Keeping that large amount of funds in a hot wallet as opposed to a cold wallet is just reckless.
Will the hackers drift off into crypto infamy, their $304 million score burning a hole in the industry's reputation?
REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.
donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C
disclaimer:
REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.
you might also like...
ETHTrustFund - Rekt
Another day, another rug pull. This time on Coinbase's pet project Base Network. ETHTrustFund rug pulls on Base, leading to $2.1 million in investor losses.
Rho Market - Rekt
An oracle's misconfiguration turns into a $7.5 million windfall for an alert MEV bot. What began as a simple misstep in Rho Market's oracle configuration turned into a payday for an opportunistic MEV bot on July 19th, as it swiftly seized upon the opening within the protocol built on Scroll.
WazirX - Rekt
India's leading crypto exchange, WazirX took a massive $235 million hit when it's Safe multisig wallet crumbled under a devastating breach. How many times do we need to be reminded of not your keys, not your crypto?