North Korea-Linked Hackers Steal $23M from UK Crypto Firm Lykke

Generated by AI AgentCoin World
Monday, Aug 18, 2025 3:36 am ET1min read
BTC
--
ETH
--
Aime RobotAime Summary

- North Korea-linked Lazarus Group hackers stole $23M from UK crypto firm Lykke in 2023 by exploiting infrastructure vulnerabilities.

- UK Treasury's OFSI publicly attributed the attack to "malicious DPRK cyberactors," marking the first UK government link between Lazarus and major cybercrime.

- The breach led to Lykke's 2024 liquidation after regulatory scrutiny and user-led legal action, highlighting crypto sector vulnerabilities to state-sponsored attacks.

- Lazarus' tactics included laundering stolen Ethereum into DAI and dispersing Bitcoin across wallets to obscure transaction trails.

- The incident underscores North Korea's strategy to exploit crypto's pseudonymity for military funding, with Lazarus previously targeting ByBit and CoinDCX in 2024.

In a landmark cyberattack on a UK-based fintech firm, North Korea-linked hackers from the Lazarus Group have been accused of stealing approximately $23 million from Lykke, a British crypto trading platform. The breach occurred in 2023 when attackers exploited vulnerabilities in Lykke’s infrastructure to siphon 158 BTC and 2,161 ETH. The stolen

Ethereum
was converted into the stablecoin DAI via decentralized exchanges, while the
Bitcoin
was distributed across multiple wallets to obscure the trail [1].

The UK’s Office of Financial Sanctions Implementation (OFSI), a division of the Treasury, has publicly attributed the attack to "malicious Democratic People’s Republic of Korea cyberactors," marking the first time the British government has directly linked the Lazarus Group to a major cybercrime in the UK. OFSI collaborated with law enforcement agencies during the investigation [1].

The aftermath of the attack led to the collapse of Lykke. In March 2024, a UK court ordered the company’s liquidation following a legal campaign led by affected users. Prior to the incident, Lykke had already faced scrutiny from the UK’s Financial Conduct Authority (FCA), which in 2023 warned against the platform’s unregistered provision of crypto products to British consumers [1].

This incident underscores the broader strategy by North Korean cybercriminals to exploit the decentralized and pseudonymous nature of cryptocurrencies to fund military and nuclear programs. The Lazarus Group, previously linked to a $1.5 billion heist at ByBit in 2024 and a $44 million breach at India’s CoinDCX in July 2024, continues to target crypto exchanges globally [1].

Israeli cybersecurity firm Whitestream confirmed Lazarus’ involvement in the Lykke breach, citing evidence that the attackers used intermediaries to launder the stolen funds and avoid detection. However, some researchers caution that while the evidence is suggestive, definitive attribution to Lazarus remains under scrutiny [1].

Lykke, launched in 2015 and based in Switzerland, offered fee-free trading on digital assets. Despite early success, the company struggled with compliance and security challenges, which culminated in its collapse after the cyberattack [1].

The case highlights the increasing threat of state-sponsored cybercrime in the crypto space. As digital assets become more central to illicit financial flows, governments are under pressure to strengthen regulatory frameworks and enhance international cooperation to prevent such incidents.

Source: [1] Lazarus Group Accused of Stealing $23M From British Crypto Startup Lykke (https://cryptonews.com/news/lazarus-group-accused-of-stealing-23m-from-british-crypto-startup-lykke/)