The article delves into the DMM Bitcoin hack, uncovering critical vulnerabilities in crypto exchange security. It explores the magnitude of the breach, revealing a $320 million loss attributed to the North Korean Lazarus Group. The piece highlights deficiencies in DMM Bitcoin's system risk management and outlines similar vulnerabilities found in Microsoft Exchange Server. It discusses the security recommendations for organizations to bolster defenses against advanced cyber threats. Ideal for cybersecurity professionals, the article provides insights into countermeasures against sophisticated hacking techniques while optimizing keyword density for quick scanning.
DMM Bitcoin loses $429 million in major hack
In May 2025, Japanese cryptocurrency exchange DMM Bitcoin suffered one of the most devastating security breaches in crypto history, losing approximately $320 million worth of Bitcoin. The hack, attributed to North Korean hackers identified as the Lazarus Group (also tracked as TraderTraitor), compromised a private key linked to a wallet containing over 4,500 Bitcoin. Following the incident, DMM Bitcoin was forced to halt its restructuring efforts and eventually announced the shutdown of its operations, marking this as the second-largest crypto exchange hack in Japan's history.
| Comparison of Major Japanese Exchange Hacks |
Amount Lost |
Year |
Attributed To |
| Coincheck Hack |
$530 million |
2018 |
Unknown |
| DMM Bitcoin Hack |
$320 million |
2025 |
North Korean Hackers |
Japanese financial authorities found serious deficiencies in DMM Bitcoin's security protocols, noting that "serious problems were found with the Company's system risk management system." The Federal Bureau of Investigation, Department of Defense Cyber Crime Center, and National Police Agency of Japan jointly issued an alert regarding the theft. After the attack, blockchain analysis showed the stolen funds were moved through several intermediary addresses before eventually reaching Bitcoin mixing services to obscure their trail, a technique commonly employed by North Korean cyber actors.
Security vulnerabilities exposed in exchange's risk management
Microsoft Exchange Server has recently exposed serious security vulnerabilities that pose significant threats to institutional risk management systems. Several high-severity remote code execution flaws have been identified, allowing authenticated attackers to execute arbitrary code on servers through improper deserialization of untrusted data. These vulnerabilities affect multiple Exchange Server versions and can potentially lead to complete system compromise.
The severity of these vulnerabilities is highlighted in the following comparison:
| CVE ID |
Severity |
Affected Versions |
Potential Impact |
| CVE-2023-32031 |
High |
Exchange 2016, 2019 |
Full system compromise |
| CVE-2023-21706 |
High |
Exchange 2013, 2016, 2019 |
Full system compromise |
| CVE-2023-21529 |
High |
Exchange 2013, 2016, 2019 |
Full system compromise |
| CVE-2025-53786 |
High |
Hybrid-joined configurations |
Privilege escalation |
CISA and other cybersecurity agencies have issued emergency directives regarding these vulnerabilities, particularly concerning CVE-2025-53786, which allows attackers with administrative privileges to escalate access. Active exploitation is ongoing, with nation-state hackers repeatedly targeting on-premises Exchange servers that handle sensitive data. Microsoft has released critical patches addressing these vulnerabilities, yet organizations with unpatched systems remain at significant risk of data theft and system compromise.
Suspected North Korean Lazarus Group behind the attack
The FBI has officially confirmed that the notorious North Korean state-sponsored advanced persistent threat group known as Lazarus (also designated as APT38) is responsible for major cryptocurrency heists, including the $100 million theft from Harmony's Horizon bridge in June 2022. Recent intelligence suggests this same group may be behind the MM token cyberattack, employing similar sophisticated tactics, techniques, and procedures (TTPs) that have become their signature.
In 2025, the Lazarus Group has evolved their operations to specifically target tech industries and defense sectors, particularly European drone manufacturers, indicating a strategic shift in their cyber espionage activities. Their methodology now includes elaborate social engineering techniques such as fake job interviews and deployment of specialized malware like InvisibleFerret, OtterCookie, and PyLangGhost.
| Lazarus Group Attack Statistics |
Details |
| Confirmed Theft (Harmony) |
$100 million |
| Estimated Total Crypto Heist |
$1.5 billion |
| Successfully Laundered |
$300 million |
| Active Market Targets |
22 platforms |
| Current MM Token Value |
$0.00319033 USD |
Security experts recommend organizations implement advanced threat intelligence for detection, immediately isolate affected systems upon breach identification, and maintain comprehensive incident response protocols designed specifically to counter the group's evolving methodologies.
FAQ
What is mm in crypto?
In crypto, 'mm' stands for market making, a process that provides liquidity and stability to trading markets by creating buy and sell orders.
What is the name of Melania Trump's coin?
Melania Trump's coin is called $MELANIA. It was launched as a meme coin associated with the former First Lady.
What is an mm token?
An MM token is a decentralized cryptocurrency on the Ethereum blockchain, used in DeFi for lending, borrowing, and liquidity provision.
What is Elon Musk's cryptocurrency called?
Elon Musk doesn't have his own cryptocurrency, but Dogecoin (DOGE) is most closely associated with him.
* The information is not intended to be and does not constitute financial advice or any other recommendation of any sort offered or endorsed by Gate.
