North Korea-linked hackers are accused of stealing £17m in cryptocurrency from Lykke, a trading platform registered in the UK. The theft occurred last year and affected Bitcoin, Ethereum, and other cryptocurrencies.
Lykke stopped trading, and a UK judge ordered the company to be wound up in March after many users pressed for action.
Officials from the Treasury’s Office of Financial Sanctions Implementation say the attack was tied to cyber actors from the Democratic People’s Republic of Korea. Investigators say the funds were then routed through services known to obscure transactions.
Who is to blame?
The group named as a likely culprit is Lazarus, a hacking gang long linked to Pyongyang in North Korea. A recent OFSI report pointed to DPRK cyber actors. The Treasury stated that OFSI did not disclose its sources but collaborated with law enforcement on the findings.
An Israeli crypto researcher, Whitestream, also pointed to Lazarus in its own analysis. Some other researchers say the evidence is not yet conclusive.
Also Read: US Officials Seize $7.7M In Crypto From North Korean Hackers Posing As IT Freelancers
How the hack played out?
Lykke said it lost $22.8m, about £16.8m, in various cryptocurrencies. The attackers moved the stolen coins through at least two firms that are known for weak anti-money laundering controls.
That movement made it harder for authorities to trace the money, and Lykke froze trading after the theft and later shut down operations. Customers who lost funds mounted legal action, and the court ordered liquidation.
Impact on customers and the firm
More than 70 users joined a campaign against the company, and they say they are out a total of £5.7m after the shutdown. Interpath Advisory was named to handle the distribution of whatever funds remain.
Lykke’s Swiss parent company went into liquidation last year, and the platform’s founder, Richard Olsen, reported bankruptcy in January and faces criminal probes in Switzerland, according to UK legal filings.
Conflicting views among experts
Not all analysts agree on who carried out the attack, and some say blockchain tracing is not yet precise enough to pin the theft on a single actor.
Others point to patterns of behaviour and money flows that match previous DPRK-linked operations. The mix of technical evidence and judgment has left the question open for now.
A wider risk for the crypto sector
North Korean hacking teams have been blamed for several big crypto heists in recent years as the regime seeks funds for its military and weapons programs. Those operations often rely on covert exchanges and services that let users erase traces.
UnoCrypto earlier reported in February 2025 that North Korean hackers took advantage of Bybit to steal more than $1.44 billion in Ethereum (ETH), making it the victim of the biggest breach in the history of digital assets.
Additionally, DMM Bitcoin, a Japanese exchange, has said that it would be closing its doors and moving all of its assets and client accounts to SBI VC Trade Co., Ltd, after a $320 million hack by North Korean hackers
Also, WazirX was the target of a serious attack. In July 2024, UnoCrypto reported, North Korean hackers hacked the Indian crypto exchange WazirX and stole over $234 million.
In 2022, Ronin Network was hack for $615 million by North Korean hackers, leaving the crypto industry stunned,
Background on Lykke
Lykke launched in 2015 and ran from Zug in Switzerland, a hub often called crypto valley. Its corporate registration was in Britain. The UK’s Financial Conduct Authority warned in 2023 that the platform was not authorised to offer consumer financial services in the UK.
Lykke had promoted trading with no transaction fees, and after the hack, it said it would try to return funds but halted all trading and later closed down.
Victims are still seeking restitution. The liquidator will try to recover and distribute any remaining assets. Regulators and law enforcement will continue to examine blockchain records and follow the money.