The North Korean hacker group Lazarus has been accused of stealing $22.8 million in Crypto Assets. The UK exchange Lykke was forced to shut down its liquidation | The security of cryptocurrency exchanges raises alarms again.

The UK Treasury's Office of Financial Sanctions Implementation (OFSI) has officially accused the North Korean state-sponsored hacker group Lazarus Group of stealing $22.8 million in digital assets from the UK-registered, Switzerland-operated crypto assets exchange Lykke. The hacker attack caused the Lykke platform to crash and ultimately shut down liquidation, leaving its founder facing bankruptcy and legal scrutiny. This is another case in the Lazarus Group's global series of attacks on crypto assets exchanges, with the stolen funds believed to be used to finance North Korea's weapons programs and evade international sanctions. The incident has led to investor lawsuits and highlights the security risks and compliance issues associated with crypto assets exchanges.

North Korean Hacker Strikes Again, Lykke Exchange Hit Hard

The UK Treasury's Office of Financial Sanctions Implementation (OFSI) released a report linking the notorious North Korean state-sponsored hacker group Lazarus Group to a major theft case targeting the UK-registered crypto asset exchange Lykke. The attack resulted in the theft of $22.8 million worth of Bitcoin, Ethereum, and other digital assets, causing devastating damage to the Lykke exchange, ultimately forcing the Swiss platform, which was known for its zero-fee trading model, to cease operations.

Consequences of the Attack: Shutdown of Liquidation and Founder's Predicament

The recent hacker attack directly led to the Lykke exchange suspending operations after suffering a security breach, and it officially ceased services last December. Lykke's Swiss parent company has entered liquidation proceedings. The platform's founder, Richard Olsen—great-grandson of Swiss banking giant Julius Baer—was declared bankrupt this January. UK legal documents show that Olsen is also facing a criminal investigation in Switzerland, but he has not responded to media requests for comment. This incident further confirms the Lazarus Group's global attack pattern targeting digital asset platforms, with the stolen funds believed to have provided North Korea with billions of dollars to bypass international sanctions and finance its weapons development programs.

Investor Compensation and Regulatory Warnings

More than 70 users of the Lykke platform who suffered losses have submitted a liquidation petition to the UK court, claiming that the total losses due to the exchange's shutdown amount to £5.7 million. It is worth noting that the UK Financial Conduct Authority (FCA) issued a warning to Lykke as early as 2023, stating that the company was neither registered in the UK nor authorized to provide financial services to UK consumers. Although the platform promised to return user funds, trading was frozen after a hacker attack, and it ultimately collapsed, leaving the recovery of user funds reliant on the liquidation process. This serves as a reminder for cryptocurrency investors to pay attention to exchange compliance (such as FCA licensing in the UK) and the safety of user funds.

Attribution Disputes and Money Laundering Techniques

The Israeli cryptocurrency research institution Whitestream also accused the Lazarus Group of being responsible for the Lykke hacker incident. They further claimed that the attackers laundered the stolen funds through two cryptocurrency companies known for providing transaction obfuscation and evading anti-money laundering controls. However, not all researchers agree with this conclusion, and some experts believe that the existing evidence is insufficient to clearly identify the specific perpetrators of the exchange hack. This reflects the complexity of cryptocurrency attack attribution (blockchain tracing analysis). The Lazarus Group is known to use various technical means to breach the security defenses of exchanges and conduct cryptocurrency money laundering operations through a complex network of digital transactions.

Technical Means and Global Threats

The Lazarus Group has been confirmed to be connected to several high-profile cryptocurrency theft cases worldwide. The organization employs various advanced technological methods to breach the security defenses of exchanges and launder the stolen funds through a meticulously designed digital transaction network, often using mixers and other cryptocurrency laundering tools. The security protection and anti-money laundering risk control for cryptocurrency exchanges have become the focal point of the industry.

Conclusion

The tragic collapse of the Lykke exchange once again highlights the systemic threats posed by state-sponsored hacker organizations to the Crypto Assets ecosystem, as well as the extreme importance of exchange security measures (especially anti-hacker attack measures) and strict Compliance operations. Investors must pay attention to the security record, regulatory Compliance (such as whether they hold licenses from the UK's FCA, Switzerland's FINMA, etc.), and user asset protection mechanisms when choosing a platform. This incident also serves as a wake-up call for global Crypto Assets exchanges regarding security defense and regulatory collaboration.