Lazarus Strikes Again: North Korea’s Cyber Gang Swipes $23M from UK Crypto Exchange Lykke

Another day, another crypto heist—this time with Pyongyang’s fingerprints all over it. The notorious Lazarus Group just added $23 million to their blockchain crime spree, draining funds from UK-based Lykke in a brazen digital smash-and-grab.

How’d they do it? Same old playbook. These guys could teach a masterclass in ‘How to Launder Your Dictator’s Nukes Fund’—complete with mixers, cross-chain hops, and the kind of opsec that makes regulators look like they’re still using dial-up.

Meanwhile in TradFi land… Banks are still charging $35 overdraft fees for lattes while hackers walk off with generations’ worth of wealth in 12 seconds flat. The future’s here—it’s just unevenly distributed (and poorly secured).

Crypto stolen through Lazarus and laundered through shady platforms

Lazarus was also separately identified as the attacker by Whitestream, an Israeli crypto research company. They tracked the funds and said the hackers cleaned the money through two crypto companies that are widely known for helping users hide their tracks.

“They moved the funds using platforms that basically ignore money-laundering rules,” Whitestream said. These mixers and unregulated exchanges made it hard to follow the trail.

However, not everyone agrees. Some researchers argue that there’s not enough solid proof to point directly to North Korea. They claim it’s still too early to say for sure who breached the platform.

Lykke, the company hit by the hack, was founded in 2015 by Richard Olsen, a descendant of Swiss banking legend Julius Baer. It ran operations out of Zug, Switzerland—also known as “crypto valley”—but its corporate registration was in the UK.

Lykke promised commission-free trading and attracted a good chunk of retail users, but things spiraled after the attack. The company announced the $22.8 million loss last year, and despite saying it could recover user funds, it froze trading and shut down by December 2023.

UK court liquidated the firm as customers fought back

In March 2025, a UK court ordered Lykke to be liquidated after over 70 users took legal action to recover their funds. These customers said they had lost £5.7 million when the platform stopped operating.

Interpath Advisory was brought in to handle the asset distribution and clean up the mess. The Swiss parent firm also entered liquidation last year.

Before the hack, the UK’s Financial Conduct Authority had already warned about Lykke in 2023, saying the company wasn’t licensed to offer services to British consumers. That red flag wasn’t enough to stop users from investing, and once the heist happened, Lykke’s UK arm couldn’t keep up with claims.

Richard was declared bankrupt in January 2025 and is now being investigated in Switzerland for possible criminal wrongdoing, according to filings from British courts.

His company’s fall is now part of a bigger story—one where North Korea keeps grabbing crypto to keep its regime afloat, no matter who gets burned in the process.

The smartest crypto minds already read our newsletter. Want in? Join them.