June 04, 2024

More than $300 million in losses! Analysis of 4502.9 $BTC abnormal outflow on DMM Bitcoin exchange

On May 31, the Beosin Alert security risk monitoring and alert platform reported that DMM Bitcoin exchange, a subsidiary of DMM.com, a Japanese securities company, experienced a huge unauthorized outflow of Bitcoin amounting to about 48 billion yen (about $300 million).

DMM Bitcoin subsequently announced that the details and causes of the loss are still under investigation. The exchange has restricted new user account opening and crypto asset withdrawals, stopped spot trading orders, and suspended leveraged trading orders and other services.

Beosin conducted an initial analysis of the potential vulnerabilities and the flow of the stolen funds in this incident.

Vulnerability analysis

The Beosin security team conducted a comprehensive review of the withdrawal process of the DMM Bitcoin exchange. The exchange physically isolates and manages the crypto assets held by customers, and more than 95% of customer assets are stored in cold wallets.

When crypto assets need to be transferred from a cold wallet to a hot wallet, DMM Bitcoin exchange has a two-person team conduct the transfer and requires the approval of multiple departments, including directors. Once the transfer is completed, the details of the asset transfer must be shared within the company.

According to the analysis of Beosin security experts, there are two possible attack scenarios in this security incident:

1. Traditional exchange attack. The signature service of the DMM Bitcoin exchange was compromised, or the multi-signature private key was leaked, allowing the attacker to complete the transfer of assets. The attackers received the funds at addresses resembling historical transfer addresses so that exchange insiders would not notice the anomaly.

2. Fake address scam. The wallet personnel at the DMM Bitcoin exchange checked only the first 5 and the last 2 characters of the address during the transfer and did not carefully check the full address, so the funds were transferred to the hacker's address.
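The following is an added example, not code from Beosin or from DMM Bitcoin's systems. It contrasts the partial check in the second scenario with a full-string comparison against an allowlist of approved destinations and flags any address that passes only the partial check. The addresses, the allowlist label and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

PREFIX_LEN, SUFFIX_LEN = 5, 2  # the only characters checked in scenario 2

# Constructed sample strings (not real or valid Bitcoin addresses).
KNOWN = "1AbCdConstructedSampleOnly0000000Yz"
LOOKALIKE = "1AbCdDifferentMiddleSection99999Yz"

@dataclass
class Verdict:
    status: str                # "match", "lookalike" or "unknown"
    label: Optional[str]       # allowlist entry involved, if any
    first_diff: Optional[int]  # index of first differing character

def partial_check(a: str, b: str) -> bool:
    """The weak check: compare only the first 5 and last 2 characters."""
    return a[:PREFIX_LEN] == b[:PREFIX_LEN] and a[-SUFFIX_LEN:] == b[-SUFFIX_LEN:]

def verify_destination(dest: str, allowlist: dict) -> Verdict:
    """Full-string comparison; flag addresses that only pass the weak check."""
    dest = dest.strip()
    for label, known in allowlist.items():
        if dest == known:
            return Verdict("match", label, None)
    for label, known in allowlist.items():
        if partial_check(dest, known):
            pairs = enumerate(zip(dest, known))
            diff = next((i for i, (x, y) in pairs if x != y),
                        min(len(dest), len(known)))
            return Verdict("lookalike", label, diff)
    return Verdict("unknown", None, None)

if __name__ == "__main__":
    allowlist = {"hot-wallet": KNOWN}  # hypothetical approved destination
    for addr in (KNOWN, LOOKALIKE):
        print(addr, partial_check(addr, KNOWN), verify_destination(addr, allowlist))
```

A "lookalike" verdict is the case to block and escalate: the destination would have passed a prefix-and-suffix glance but is not the approved address.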

As the cause of the attack is still under internal investigation, DMM Bitcoin exchange has not disclosed more details of the incident, and the exact cause and process of the attack have not yet been determined. The Beosin security team will closely monitor the incident and make a full analysis of the cause of the incident when more information becomes available.

Flow of stolen funds

According to Beosin Trace, the attackers have so far dispersed the stolen 4502.9 BTC to 10 new addresses. Beosin Trace has labeled the address as belonging to the DMM Bitcoin Hacker and will continuously monitor the flow of the stolen funds.

At present, the underlying address database of Beosin Trace contains billions of address tags and 60 million black addresses, supporting 17 blockchains, asset tracing of more than 6 million token types, and the analysis of more than 60 cross-chain bridging protocols. When attackers disperse stolen funds, attempt to launder funds through cross-chain bridge protocols, or exchange them for other tokens, Beosin Trace analyzes the flow of funds accurately and in real time, visualizes the fund link, locates the deposit address, and assists law enforcement agencies in recovering stolen assets.

The attack address of this incident:


Fund storage address:











Latest Update

According to the DMM Bitcoin website, the funds deposited by DMM Bitcoin customers are managed separately by Japan Securities Trust Bank Ltd. with SBI Clearing Trust Co., Ltd. Even if DMM Bitcoin goes bankrupt, customers' funds held in the trust will be protected.

At present, DMM Bitcoin has said that they will purchase BTC with the support of the group of companies to match the outflow volume, in order to guarantee 100% of the BTC assets held by customers.
