← DMM Bitcoin3 decisions on this page

Audit log

Every state-changing event for DMM Bitcoin: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-20 15:26:59Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 421,012,595
sig
3QfJPihnpkoL…xaeQGcBpexplorer ↗
hash
CPMKAgcjJtjh…nohgszwpsha256 → base58
verifying row…full verify ↗
canonical bytes (6994 B) ▸
{"actor":"system:backfill","investigation_id":"e8972dc5-6b5b-4ab9-9e05-1974d92b8c54","kind":"publish","page_slug":"dmm-bitcoin","published_at":"2026-05-20T15:26:59.244Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"DMM Bitcoin","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.financemagnates.com/cryptocurrency/news/dmm-bitcoin-coming-january/"},{"credibility":3,"name":"","type":"other","url":"https://www.forexgdp.com/news/crypto-exchange-farewell/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.fbi.gov/news/press-releases/fbi-dc3-and-npa-identification-of-north-korean-cyber-actors-tracked-as-tradertraitor-responsible-for-theft-of-308-million-from-bitcoindmmcom"},{"credibility":3,"name":"","type":"other","url":"https://techcrunch.com/2024/05/31/hackers-steal-305-million-from-dmm-bitcoin-crypto-exchange/"},{"credibility":3,"name":"","type":"other","url":"https://thehackernews.com/2024/12/north-korean-hackers-pull-off-308m.html"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2024/05/31/japanese-crypto-exchange-dmm-bitcoin-suffers-305m-hack"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/fbi-reveals-dmm-crypto-hack-300m-north-korea"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/lazarus-group-suspected-moving-stolen-funds-dmm-bitcoin-hack"},{"credibility":3,"name":"","type":"other","url":"https://www.merklescience.com/blog/hack-track-dmm-flow-of-funds-analysis"},{"credibility":3,"name":"","type":"other","url":"https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2025/"},{"credibility":3,"name":"","type":"other","url":"https://www.fincen.gov/news/news-releases/fincen-finds-cambodia-based-huione-group-be-primary-money-laundering-concern"},{"credibility":3,"name":"","type":"other","url":"https://beincrypto.com/lazarus-transfers-funds-from-dmm-bitcoin-hack/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://medium.com/tokyo-fintech/dmm-bitcoin-receives-business-improvement-order-004693593b8d"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/380286/japan-crypto-exchange-reserve-mandate"},{"credibility":3,"name":"","type":"other","url":"https://finance.yahoo.com/news/japans-fsa-require-crypto-exchanges-050024196.html"},{"credibility":3,"name":"","type":"other","url":"https://finance.yahoo.com/news/japan-fsa-weighs-registration-rules-095902067.html"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2024/12/02/japanese-crypto-exchange-dmm-bitcoin-to-shut-down-after-305-m-hack"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/328890/japanese-exchange-dmm-bitcoin-to-shut-down-transfer-assets-to-sbi-group-unit-after-300-million-hack"},{"credibility":3,"name":"","type":"other","url":"https://cryptopotato.com/sbi-vc-trade-completes-acquisition-of-hacked-crypto-exchange-dmm-bitcoin-assets/"},{"credibility":3,"name":"","type":"other","url":"https://decrypt.co/294452/japanese-crypto-exchange-shut-down-300m-hack-transfer-accounts-sbi"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.fbi.gov/news/press-releases/fbi-dc3-and-npa-identification-of-north-korean-cyber-actors-tracked-as-tradertraitor-responsible-for-theft-of-308-million-from-bitcoindmmcom"},{"credibility":3,"name":"","type":"other","url":"https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2025/"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/tokyo-fintech/dmm-bitcoin-receives-business-improvement-order-004693593b8d"}]}],"sources_used":[],"summary":"DMM Bitcoin was a licensed Japanese cryptocurrency exchange operated by DMM Group (DMM.com) that launched in January 2018. In May 2024 it suffered the eighth-largest crypto theft in history when North Korean state-sponsored hackers attributed to the TraderTraitor subgroup of Lazarus Group stole 4,502.9 BTC (approximately $305–308 million USD) through a sophisticated supply-chain attack targeting Ginco, a third-party wallet management provider. Following the hack, Japan's Financial Services Agency issued a business improvement order, the exchange restricted operations, and in December 2024 announced full closure with all customer assets transferred to SBI VC Trade by March 2025.","timeline":[{"date":"2018-01-10","event":"DMM Bitcoin launches trading platform under DMM Group, offering spot and leverage trading in Japan.","source":""},{"date":"2024-03-01","event":"TraderTraitor operative posing as a LinkedIn recruiter contacts a Ginco employee and delivers a malicious Python script disguised as a pre-employment coding challenge.","source":""},{"date":"2024-05-01","event":"Attackers exploit harvested session cookies to impersonate the compromised Ginco employee and access Ginco's unencrypted internal communications system.","source":""},{"date":"2024-05-31","event":"4,502.9 BTC (approximately $305–308 million) is illegally transferred from DMM Bitcoin wallets via manipulation of a legitimate DMM employee transaction request. DMM Bitcoin publicly confirms the breach.","source":""},{"date":"2024-07-12","event":"Tether blacklists a Tron wallet address linked to the laundering chain, freezing approximately $28–30 million in USDT connected to Huione Guarantee.","source":""},{"date":"2024-07-15","event":"ZachXBT publicly reports over $35 million from the DMM Bitcoin hack has been laundered through Huione Guarantee in Cambodia, identifying Lazarus Group laundering signatures.","source":""},{"date":"2024-09-01","event":"Japan's FSA (Kanto Local Finance Bureau) issues a formal business improvement order against DMM Bitcoin under Article 63-16 of the Payment Services Act, citing concentrated authority in operations and security as a systemic failure.","source":""},{"date":"2024-10-28","event":"FSA deadline for DMM Bitcoin to submit a business improvement plan with specific measures and implementation timeline.","source":""},{"date":"2024-12-02","event":"DMM Bitcoin announces it will cease all operations and transfer all customer accounts and assets to SBI VC Trade by March 2025.","source":""},{"date":"2024-12-23","event":"The FBI, U.S. DC3, and Japan's NPA issue a joint public statement formally attributing the DMM Bitcoin theft to North Korean cyber actors operating as TraderTraitor (also tracked as Jade Sleet, UNC4899, Slow Pisces).","source":""},{"date":"2025-03-08","event":"SBI VC Trade completes transfer of all DMM Bitcoin customer accounts and assets. DMM Bitcoin ceases operations entirely.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 73aed346-590a-4964-a074-9e652157ec87
#2reviewby reviewerreviewer
2026-06-15 19:29:59Z
Score: 10 → 10 (no score change)
The DMM Bitcoin investigation page is substantially accurate in its core narrative: the May 2024 North Korean TraderTraitor hack, the 4,502.9 BTC amount, FSA business improvement order, and December 2024 closure announcement to SBI VC Trade are all confirmed by authoritative sources including the FBI and FSA. The main factual errors are two timeline dates that are off by weeks (the LinkedIn social engineering was 'late March' not March 1; the session cookie exploitation was 'after mid-May' not May 1), and the FSA order date is wrong by 25 days (September 26, not September 1). The 'eighth-largest theft in history' claim is approximately correct at time of writing but may be stale. The characterization of the attack as a 'supply-chain attack' is a slight overstatement of what was actually a social engineering attack on a vendor employee.
anchoranchored
chain
●mainnet-betaslot 426,697,948
sig
4F6ibMhw4BuF…uy5bG8AAexplorer ↗
hash
9z7Cq5Fi2M17…nbhoJm3psha256 → base58
verifying row…full verify ↗
canonical bytes (1194 B) ▸
{"actor":"reviewer","decided_at":"2026-06-15T19:29:59.396Z","decision":"review","investigation_id":"e8972dc5-6b5b-4ab9-9e05-1974d92b8c54","new_score":10,"page_slug":"dmm-bitcoin","prev_score":10,"reason":"The DMM Bitcoin investigation page is substantially accurate in its core narrative: the May 2024 North Korean TraderTraitor hack, the 4,502.9 BTC amount, FSA business improvement order, and December 2024 closure announcement to SBI VC Trade are all confirmed by authoritative sources including the FBI and FSA. The main factual errors are two timeline dates that are off by weeks (the LinkedIn social engineering was 'late March' not March 1; the session cookie exploitation was 'after mid-May' not May 1), and the FSA order date is wrong by 25 days (September 26, not September 1). The 'eighth-largest theft in history' claim is approximately correct at time of writing but may be stale. The characterization of the attack as a 'supply-chain attack' is a slight overstatement of what was actually a social engineering attack on a vendor employee.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 0bfff814-07e6-4e82-a59f-23cbb684ff8c
#3review approveby judgejudge
2026-06-15 19:29:59Z
Score: 10 → 52 (+42)
The page's core narrative is confirmed by authoritative sources including the FBI/DC3/NPA joint statement and official FSA records. The single 'disputed' finding (claim_findings[12]) is a timeline date 25 days off for the FSA business improvement order — a minor precision error, not a dispute of any substantive allegation. The four 'partially_supported' findings are similarly limited to timeline date imprecision and a characterization nuance ('supply-chain' vs. social engineering), none of which affect the page's core conclusions. The content warrants approval. Separately, the current score of 10 (CRITICAL) is a significant mis-calibration under fraud-likelihood semantics: the primary incident is a suffered North Korean state-sponsored hack confirmed by the FBI, customers were fully transferred to SBI VC Trade with no loss, and the FSA order addressed operational negligence rather than fraud. Under the anti-conflation principle, being hacked does not equal fraud; the correct band is CAUTIONARY. A score of 52 is applied, reflecting the hack-victim status offset by confirmed own-negligence in security architecture.
anchoranchored
chain
●mainnet-betaslot 426,697,952
sig
4keemdcGq6C5…vnBW3xU9explorer ↗
hash
F29fy7nNV4JZ…wavsW2K8sha256 → base58
verifying row…full verify ↗
canonical bytes (1483 B) ▸
{"actor":"judge","decided_at":"2026-06-15T19:29:59.396Z","decision":"review_approve","investigation_id":"e8972dc5-6b5b-4ab9-9e05-1974d92b8c54","new_score":52,"page_slug":"dmm-bitcoin","prev_score":10,"reason":"The page's core narrative is confirmed by authoritative sources including the FBI/DC3/NPA joint statement and official FSA records. The single 'disputed' finding (claim_findings[12]) is a timeline date 25 days off for the FSA business improvement order — a minor precision error, not a dispute of any substantive allegation. The four 'partially_supported' findings are similarly limited to timeline date imprecision and a characterization nuance ('supply-chain' vs. social engineering), none of which affect the page's core conclusions. The content warrants approval. Separately, the current score of 10 (CRITICAL) is a significant mis-calibration under fraud-likelihood semantics: the primary incident is a suffered North Korean state-sponsored hack confirmed by the FBI, customers were fully transferred to SBI VC Trade with no loss, and the FSA order addressed operational negligence rather than fraud. Under the anti-conflation principle, being hacked does not equal fraud; the correct band is CAUTIONARY. A score of 52 is applied, reflecting the hack-victim status offset by confirmed own-negligence in security architecture.","score_delta":42,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 3b72dfbf-195f-4c3d-904f-163af4f826b3

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.