The North Korean hacker group UNC4899 attacked the trading platform, resulting in 9 users losing 14 million dollars, which has been compensated.

[Coin World] It was reported that a certain trading platform experienced a complex security incident on July 24, resulting in 14 million dollars being stolen from 9 user accounts. There is evidence suggesting that this attack was initiated by UNC4899, a cyber espionage organization funded by the North Korean government, which colludes with the North Korean Reconnaissance General Bureau, publicly known as Lazarus Group, TraderTraitor, and Jade Sleet. The attack began with a social engineering attack targeting the development team, where the attacker seemed to launch the attack through a legitimate Open Source collaboration request. A team member was invited on an open-source software forum to help debug a development tool. After a brief discussion, the developer downloaded the file on a mobile device and then opened it using a company-issued MacBook. Before opening the file, researchers conducted malware detection on it, but the scan results were negative. After the program ran, it downloaded a hidden backdoor similar to common backend processes. This allowed the attacker to maintain access to the development environment and find an opportunity to change the database after a period of time, thereby gaining access to 9 accounts that had initiated withdrawal operations. Unauthorized withdrawal operations were detected two hours later and were immediately stopped, with all affected users receiving full compensation from the platform's treasury.