Lazarus Strikes Again: Crypto Platform Hit with $23 Million Heist

The notorious Lazarus Group from North Korea has been linked to a cryptocurrency heist totaling $22.8 million, causing the downfall of the UK-registered exchange Lykke and resulting in its closure along with numerous lawsuits from investors.

The British Treasury’s sanctions office has attributed the theft of Bitcoin, Ethereum, and other assets to these state-sponsored cybercriminals, impacting Lykke, a previously esteemed Swiss-based trading platform known for its zero-fee services. This event adds to the extent of the Lazarus Group’s global operations, which have reportedly enabled Pyongyang to accumulate billions to fund its military programs and evade international sanctions. Additionally, it threatens Lykke’s founder, Richard Olsen, with bankruptcy, as he faces liquidation and legal scrutiny in Switzerland.

Officials from the British Treasury have confirmed that the cyber operatives from the isolated nation are responsible for the significant theft that led to Lykke’s demise.

As reported by The Telegraph, North Korea has targeted digital asset exchanges worldwide, amassing billions from stolen funds to circumvent international sanctions and finance weapons development.

Swiss-based platform in liquidation

Launched in 2015 by Richard Olsen, a descendant of the renowned Swiss banking figure Julius Baer, Lykke was situated in Switzerland’s “crypto valley” in Zug while holding UK registration.

The platform enabled cryptocurrency trading without transaction fees until the cyberattack halted its operations.

The Treasury’s OFSI noted, “The attack has been associated with malicious cyber actors from the Democratic People’s Republic of Korea, who misappropriated funds from both Bitcoin and Ethereum networks.”

The company sustained losses in Bitcoin (BTC), Ethereum (ETH), and other cryptocurrencies during the breach, ultimately leading to the suspension of its trading activities.

Conflicting expert views

Whitestream, an Israeli cryptocurrency research firm, has also implicated Lazarus in the Lykke hack, suggesting that the attackers laundered the stolen assets through two cryptocurrency companies known for circumventing regulations against money laundering.

In contrast, other analysts have disputed these assertions, claiming that there is insufficient evidence to definitively ascertain the culprits behind the exchange breach.

The Financial Conduct Authority raised concerns regarding Lykke in 2023, highlighting that the company was neither registered nor authorized to offer financial services to consumers in the UK.

Despite promises to return customer funds, the platform froze its trading operations after the hack and officially ceased all activities in December.

Customers pursue recovery through liquidation

More than 70 customers have filed a winding-up petition in UK courts, claiming losses totaling £5.7 million due to the company’s closure.

Lykke’s Swiss parent company entered liquidation last year, while founder Richard Olsen was declared bankrupt in January.

UK legal documents indicate that Olsen is under criminal investigation in Switzerland; however, he has not responded to media requests for comment.

The Lazarus Group has been associated with numerous high-profile cryptocurrency thefts globally, employing various techniques to infiltrate exchange security and launder stolen assets through complex digital transaction frameworks.