- Lykke exchange lost $22.8M worth of digital assets to a hack by the Lazarus Group.
- The UK Court ordered Lykke’s liquidation after 70+ user lawsuits seeking $5.7M in lost funds.
- In March 2025, the Lazarus Group had attacked ByBit via smart contract manipulation.
Lykke, a UK-registered exchange, lost over $22.8 million worth of Bitcoin, Ethereum, and other digital assets to Lazarus Group, a North Korea-based hacker group. The UK Treasury’s Office of Financial Sanctions Implementation (OFSI) later stated that the attack had been “attributed to malicious Korean cyber actors, who stole funds on both the Bitcoin and Ethereum networks.” This turned the case sensational, as it was the largest crypto theft in the UK, thereby raising serious concerns about gaps in sanctions enforcement and cross-border financial regulation.
A Platform Crippled by Hack and Legal Fallout
With its base in Zug, Switzerland, Lykke had operated from the UK without a license and had promoted zero-fee trading. However, in 2023, the Financial Conduct Authority (FCA) had warned it lacked permission to provide financial services to British consumers.
Following the security breach, the firm had halted its trading. In March of this year, a UK judge ordered liquidation after legal claims by over 70 users sought recovery of £5.7 million in losses. Interpath Advisory was appointed to distribute the remaining funds to affected customers, while the Swiss parent company also entered liquidation proceedings.
Founder Richard Olsen, a descendant of Swiss banking patriarch Julius Baer, faced bankruptcy in January 2025. Swiss authorities opened a criminal investigation into Olsen, according to British court filings. His company’s collapse followed years of regulatory tension and financial losses triggered by the hack.
Attribution to Lazarus and Competing Assessments
The OFSI report directly named North Korean cyber actors, without revealing the sources, but linked the theft to state-backed hacking operations. Whitestream, an Israeli blockchain analytics company, also connected the breach to Lazarus, claiming stolen assets were laundered through two cryptocurrency firms.
Still, some cybersecurity researchers said attribution remains uncertain, arguing that complex laundering techniques obscure definitive links. Despite this, OFSI’s statement remains the strongest official position, marking one of the few instances where a Western government formally assigned blame to North Korean hackers.
Business Insider reported that Lazarus, also called Trader Traitor, has used cybercrime to evade sanctions and fund nuclear weapons programs. In early 2025, the FBI and blockchain firm TRM Labs attributed a $1.5 billion hack of Bybit, a Dubai exchange, by the same group, which was attributed by Bybit as the “largest exploit on record,” that was carried out using advanced malware and smart contract manipulation.
Related: Lazarus Group Targets Crypto Devs Using U.S. Companies
Global Enforcement Struggles Against Cyber Theft
As the cryptocurrency ecosystem is borderless, pseudonymous, and lightly regulated, unlike traditional markets, it attracts sanctioned actors to bypass restrictions, like the Lykke case. According to the Financial Times, U.S. authorities classified the country as having over $620 million in crypto thefts during 2022 alone, while close numbers suggest Lazarus stole $1.34 billion in 2023. According to U.S. Treasury sanctions reports, these funds are allegedly funneled into Pyongyang’s nuclear and missile programs.
The Lykke hack is a warning sign as it shows how state-backed cybercriminals exploit weak oversight, uneven sanctions, and digital finance systems. Without urgent action, such crimes will grow and threaten global security. As authorities continue to trace stolen transfers, one question remains pressing: Can international sanctions and regulatory frameworks quickly adapt to stop state-backed hackers from exploiting the digital economy?
