This talk exposes a sophisticated cyber-espionage campaign orchestrated by a North Korean threat actor targeting a cryptocurrency company. The threat actor's tactics, techniques, and procedures (TTPs) included social engineering to gain initial access, in-depth source code reviews, and exploitation of a logical vulnerability that resulted in the exfiltration of millions of dollars worth of cryptocurrency.
Through the lens of real-world investigations, the threat actor's motivations and the broader implications of their activities will be analysed. Furthermore, this talk will shed light on the lack of robust security monitoring in cloud environments, a critical factor that contributed to the success of this attack. The importance of implementing comprehensive security measures in cloud infrastructures to mitigate the risk of similar attacks in the future will also be discussed. Attendees will gain valuable insights into the evolving landscape of cyber threats and the vulnerabilities often present in cloud environments.
This knowledge will empower organizations to better understand and defend against sophisticated cyber attacks targeting their valuable digital assets.