North Korea’s Lazarus Group Strikes Again: $23M Crypto Heist from UK’s Lykke in 2025
- How Did Lazarus Pull Off the $23M Lykke Heist?
- Why Was Lykke a Sitting Duck?
- The Nuclear Connection: How Stolen Crypto Funds North Korea
- Could This Have Been Prevented?
- FAQs: The Lazarus-Lykke Fallout
In one of the boldest crypto thefts of 2025, North Korea’s infamous Lazarus Group allegedly siphoned $23 million from UK-based Lykke, marking their biggest British target to date. The stolen funds, laundered through shady crypto platforms, are suspected to fuel Pyongyang’s nuclear ambitions. Meanwhile, Lykke’s collapse triggered a legal firestorm, leaving users scrambling for recovery. Here’s the full breakdown of how Lazarus outmaneuvered regulators—and why crypto mixers remain their getaway car.
How Did Lazarus Pull Off the $23M Lykke Heist?
The UK’s Office of Financial Sanctions Implementation (OFSI) pinned the 2024 attack on “malicious DPRK cyberactors,” with blockchain sleuths tracing the looted Bitcoin and ethereum to Lazarus—a group notorious for bankrolling Kim Jong-un’s missile tests. Whitestream, an Israeli analytics firm, exposed the money trail: hackers funneled funds through two notorious “mixer” services that blatantly ignore anti-money laundering (AML) rules. “These platforms are like digital witness protection programs,” quipped a BTCC analyst. Despite the smoking gun, some researchers argue the evidence isn’t airtight, highlighting the murkiness of crypto forensics.
Why Was Lykke a Sitting Duck?
Founded in 2015 by Swiss banking heir Richard Olsen, Lykke operated from Zug’s “Crypto Valley” but registered in the UK—a red flag the FCA waved as early as 2023. The exchange’s promise of commission-free trading lured retail investors, but its lax security made it a soft target. When Lazarus struck, Lykke froze $22.8 million in user assets, then spiraled into insolvency by December 2023. “It was a classic ‘too good to be true’ scenario,” noted a TradingView market strategist. By March 2025, a UK court liquidated the firm after 70+ users sued to recover £5.7 million in losses.
The Nuclear Connection: How Stolen Crypto Funds North Korea
Pyongyang’s crypto raids are no petty crime spree—they’re a survival tactic. UN reports estimate Lazarus has stolen over $3 billion since 2017, with proceeds bankrolling 40% of the regime’s WMD program. This heist fits the playbook: target mid-tier exchanges with weak KYC, then launder through platforms like Tornado Cash (sanctioned by the US in 2022). “For North Korea, crypto isn’t speculative—it’s existential,” a CoinMarketCap insider observed. The Lykke loot likely bought missile parts, not mansions.
Could This Have Been Prevented?
Absolutely. Lykke ignored three critical warnings: the FCA’s 2023 license alert, known vulnerabilities in hot wallet storage, and Lazarus’s preference for Swiss-based exchanges. Meanwhile, mixers continue operating in regulatory gray zones. “Until governments treat crypto laundering like bank heists, Lazarus will keep winning,” argued a Chainalysis report. Post-hack, Olsen faced Swiss criminal probes—a cautionary tale for crypto founders cutting corners.
FAQs: The Lazarus-Lykke Fallout
How much did Lazarus steal from Lykke?
Lazarus allegedly stole $22.8 million in Bitcoin and Ethereum from Lykke in 2024, per OFSI and Whitestream data.
What happened to Lykke after the hack?
Lykke froze withdrawals, entered UK liquidation in March 2025, and saw its Swiss parent collapse. Founder Richard Olsen declared bankruptcy in January 2025.
Is North Korea really behind crypto hacks?
Yes—the UN and US Treasury attribute billions in crypto thefts to state-backed groups like Lazarus, with funds funneled into weapons programs.
