North Korea’s notorious Lazarus Group has been blamed for a $22.8 million crypto heist that crippled UK-registered exchange Lykke, forcing its shutdown and triggering investor lawsuits.
The British Treasury’s sanctions office linked the state-backed hackers to thefts of Bitcoin, Ethereum, and other assets from Lykke, a Swiss-based platform once celebrated for its zero-fee trading model. The collapse adds to a global trail of Lazarus-led raids that have netted Pyongyang billions to fund weapons programs and evade sanctions — and leaves Lykke’s founder Richard Olsen facing bankruptcy, liquidation proceedings, and ongoing legal scrutiny in Switzerland.
British Treasury officials named the hermit kingdom’s cyber operatives in connection with the massive theft that ultimately forced the trading platform’s closure.
As per The Telegraph, Pyongyang has targeted digital asset platforms worldwide and generated billions in stolen funds to circumvent international sanctions and finance weapons development programs.
Swiss-based platform forced into liquidation
Richard Olsen, great-grandson of Swiss banking patriarch Julius Baer, founded Lykke in 2015. It operated from Switzerland’s “crypto valley” in Zug while maintaining UK registration.
The platform offered cryptocurrency trading without transaction fees before the attack forced operational suspension.
“The attack has been attributed to malicious Democratic People’s Republic of Korea cyberactors, who stole funds on both the Bitcoin and Ethereum networks,” the Treasury’s OFSI stated in its report.
The company lost Bitcoin (BTC), Ethereum (ETH), and other cryptocurrencies in the breach and was ultimately forced to halt trading operations.
Experts disagree over conclusions
Whitestream, an Israeli cryptocurrency research organization, also accused Lazarus of being responsible for the Lykke hack. They also claimed that the attackers laundered stolen funds through two cryptocurrency companies known for facilitating transaction obfuscation and circumventing money-laundering controls.
Other researchers disputed these conclusions, arguing that the current evidence is insufficient to identify the exchange hackers definitively.
The Financial Conduct Authority issued warnings about Lykke in 2023, noting that the company was neither registered nor authorized to offer financial services to consumers in the United Kingdom.
Despite promises to return customer funds, the platform froze trading after the hack and officially ceased operations in December.
Customers pursue recovery through liquidation
More than 70 customers brought a winding-up petition in UK courts and claimed losses totaling £5.7 million from the company’s closure.
Lykke’s Swiss parent company entered liquidation last year, while founder Richard Olsen was declared bankrupt in January.
British legal filings indicate Olsen faces criminal investigations in Switzerland, though he has not responded to media requests for comment.
Lazarus Group has been linked to numerous high-profile cryptocurrency heists globally. They use several techniques to breach exchange security and launder stolen funds through networks of digital transactions.
