DMM Bitcoin - Rekt

Centralized Japanese crypto exchange DMM Bitcoin was exploited for more than $304 million in Bitcoin, the biggest hack since Dec 2022 and one of the largest crypto hacks ever.

The incident was initially reported by Whale Alert as 4,502 BTC being transferred from an unknown wallet to an unknown new wallet.

DMM confirmed shortly after that the BTC was illegally leaked from their wallet.

DMM has refrained from providing additional details on the apparent hack's execution, stating that they are actively investigating the incident and implementing safeguards to prevent future occurrences.

While assuring all BTC deposits remain guaranteed, the exchange has temporarily halted spot trading buy orders, leveraged position openings, and new account screenings.

The DMM Bitcoin hack appears to be the third-largest cryptocurrency theft in Japan's history, after the 2018 Coincheck hack where over $530 million worth of XEM was stolen.

Japan was also home to the infamous Mt. Gox exchange collapse in 2014.

Over 809,000 BTC were stolen across six hacks during Mt. Gox’s lifetime.

Regardless of whether the $304 million stolen from DMM Bitcoin is recovered, this massive hack is guaranteed to secure a spot on Rekt's infamous leaderboard.

Credit: Whale Alert, DMM Bitcoin, CoinDesk, Blockonomi, Beosin, Arkham Intel

The attack began around 1:30pm JST, when DMM noticed 4,502.9 BTC being leaked from their hot wallet.

They made an announcement on their official site, but have maintained radio silence on Twitter so far.

According to Beosin, there are two possible methods of attack:

  • A traditional exchange attack. The signature service of DMM Bitcoin was attacked or the multi-sig private key was compromised. The attacker then used an address similar to a historical transfer address to receive the funds, to avoid detection and alerts.

  • The exchange wallet controller suffered from an address spoofing scam, that is, only the first 5 digits and the last 2 digits of the receiving address were checked during the transfer, resulting in the transfer to the hacker address.
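
The second scenario, shown from the defender's side as an added example (it is not code from DMM Bitcoin, Beosin or the original article): a check that compares only the first 5 and last 2 characters accepts a lookalike destination, while a whole-string allowlist match rejects it and flags it for alerting. The address strings are constructed placeholders and the function names are hypothetical.

```python
import os

# Constructed placeholder strings (not real or valid Bitcoin addresses).
KNOWN = "1KnwnTREASURYplaceholderAAAAAAAAx7"
LOOKALIKE = "1KnwnSPOOFEDplaceholderBBBBBBBBBx7"  # same first 5 and last 2 chars
ALLOWLIST = frozenset({KNOWN})


def truncated_match(candidate, known, head=5, tail=2):
    """The weak check from the second scenario: only the ends are compared."""
    return candidate[:head] == known[:head] and candidate[-tail:] == known[-tail:]


def shared_affixes(a, b):
    """Lengths of the common prefix and common suffix, for the alert record."""
    prefix = len(os.path.commonprefix([a, b]))
    suffix = len(os.path.commonprefix([a[::-1], b[::-1]]))
    return prefix, suffix


def review_destination(candidate, allowlist=ALLOWLIST, head=5, tail=2):
    """Classify a withdrawal destination before it is signed.

    'approved'  : exact, whole-string match with an allowlisted address
    'lookalike' : not allowlisted, but would pass the truncated check
                  (block the transfer and raise an alert)
    'unknown'   : not allowlisted (block pending manual review)
    """
    candidate = candidate.strip()
    # Base58 addresses are case-sensitive, so no case folding is applied.
    if candidate in allowlist:
        return "approved"
    if any(truncated_match(candidate, a, head, tail) for a in allowlist):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for dest in (KNOWN, LOOKALIKE, "1OtherPLACEHOLDERaddressCCCCCCCCq3"):
        print(dest, review_destination(dest), shared_affixes(dest, KNOWN))
```
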

Attack Transaction:


Exploiter Address:


The exploiter sent the bitcoin to the addresses below:











Arkham Intel is offering a bounty to help identify the perpetrator(s).

The bounty guidelines are: identifying a KYC centralized exchange deposit, revealing the identity of the exploiter, and a successful effort to return funds.

With the hacker's transactions being closely tracked, will blockchain forensics and the bounty program lead to their unmasking and recovery of the $304 million?

What could go down as one of the biggest heists in our industry has become another prime example of "not your keys, not your crypto".

DMM has vowed to make customers whole, but restocking that mountain of bitcoin won't be easy or cheap.

The creation of the bounty program on Arkham Intel could potentially aid in recovering the stolen funds or identifying the perpetrators.

While on-chain sleuths have cracked some historic hacks, this trail of tainted coins spread across multiple addresses could prove a byzantine blockchain maze.

All eyes are glued to see if the bounty hunters can work their magic and resolve this rektoning before it solidifies DMM's legacy as crypto's biggest Rekt of 2024.

The root cause of the attack has yet to be revealed; whether it is an address spoofing incident, a private key compromise or even an inside job remains to be seen.

Keeping that large amount of funds in a hot wallet as opposed to a cold wallet is just reckless.

Will the hackers drift off into crypto infamy, their $304 million score burning a hole in the industry's reputation?
