Japanese DMM Bitcoin Exchange Hacked for 4503 BTC (UPDATED)

"Please be assured that we will procure the equivalent amount of BTC equivalent to the outflow with the support of the group companies and guarantee the full amount," said the exchange.

• The exchange also announced special measures to avoid further unauthorized outflows and restricted all spot buys on the platform. Japanese yen withdrawals "may take more time than usual," added the platform.
• According to chain surveillance firm Elliptic, the hack constitutes the eighth largest 'crypto' theft in history in fiat terms. 

What happened?

• On-chain analyst Mononaut shared some insights into the details of the hack, finding that:

"The stolen funds were sent to an address that matches the first 5 and last 2 characters of the address DMM routinely uses to handle withdrawals from this wallet. Classic address poisoning* attack, right?"

Address poisoning, also known as address spoofing, exploits user carelessness and haste. An attacker sends funds from an address they control, designed to closely resemble the victim's address, hoping the victim will mistakenly copy and paste the wrong address from their transaction history.

• "This was a 2-of-3 multisig holding hundreds of millions of dollars of Bitcoin. DMM has never overpaid like that before from this wallet," he added.

"Unless DMM is completely insane, each of those keys will be controlled by a separate person. So imagine you gain access to just one of those keys, but want to steal all of the money. Which leaves some obvious questions:

1) How did the attacker get access to even one key?

2) And how did they know who and how to contact to secure that crucial second signature?

I suspect we'll never know..."

Blog Post / Archive
CoinDesk Article / Archive
Bitcoin Magazine Article / Archive
Mononaut's Analysis / Archive