2026-02-17 –, Auditorium
TraderTraitor, also known as Jade Sleet, Slow Pisces, UNC4899, Dark River is the North Korean threat actor behind major cryptocurrency heists from ByBit, DMM, WazirX, CoinsPaid, Alphapo, Atomic Wallet, Horizon Bridge, Ronin Bridge, and many others. This presentation is a deep dive into TraderTraitor and will cover how they compromise their victims, how defenders and security teams can track TraderTraitor, and measures that organizations can take to protect themselves from being the next Bybit. This presentation will have non-public details about TraderTraitor activity.
North Korea loves stealing crypto. This presentation is a deep dive into TraderTraitor, North Korea's most effective hacking group. This presentation will explore how TraderTraitor compromises cryptocurrency exchanges, wallet service providers, and cloud companies in order to steal massive amounts of cryptocurrency including the ByBit heist where they walked away with $1.5 Billion worth of Ethereum. While TraderTraitor is incredibly effective at stealing cryptocurrency for North Korea, a few security measures can help protect your organization, and your service providers, from this threat actor.
Daniel Gordon has over a decade of experience hunting, researching, tracking, and stopping North Korean hacking groups across both public and private sector. He has a bunch of degrees and certifications, and has published blogs for DarkReading, War on the Rocks, and Risky.biz and given talks on North Korean hacking at SleuthCon and FTSCon.