North Korea’s Lazarus Group accused of $23 million crypto theft from UK’s Lykke

North Korea has been accused of stealing £17 million in Bitcoin from Lykke, a crypto trading platform registered in the UK. The hack forced the company to freeze trading, shut down operations, and later get liquidated in court.

The UK’s Office of Financial Sanctions Implementation, part of the Treasury, blamed “malicious Democratic People’s Republic of Korea cyberactors” for the theft, according to a report from The Telegraph. The attack hit both Bitcoin and Ethereum networks.

The cyber gang behind the heist is believed to be Lazarus, the same North Korean hacking group linked to multiple major crypto attacks around the world. If confirmed, this would be their biggest crypto theft from any British target so far.

The stolen money is suspected to be part of Pyongyang’s broader effort to fund its nuclear weapons program and military projects, with billions already funneled through past crypto raids.

Crypto stolen through Lazarus and laundered through shady platforms

Lazarus was also separately identified as the attacker by Whitestream, an Israeli crypto research company. They tracked the funds and said the hackers cleaned the money through two crypto companies that are widely known for helping users hide their tracks.

“They moved the funds using platforms that basically ignore money-laundering rules,” Whitestream said. These mixers and unregulated exchanges made it hard to follow the trail.

However, not everyone agrees. Some researchers argue that there’s not enough solid proof to point directly to North Korea. They claim it’s still too early to say for sure who breached the platform.

Lykke, the company hit by the hack, was founded in 2015 by Richard Olsen, a descendant of Swiss banking legend Julius Baer. It ran operations out of Zug, Switzerland—also known as “crypto valley”—but its corporate registration was in the UK.

Lykke promised commission-free trading and attracted a good chunk of retail users, but things spiraled after the attack. The company announced the $22.8 million loss last year, and despite saying it could recover user funds, it froze trading and shut down by December 2023.

UK court liquidated the firm as customers fought back

In March 2025, a UK court ordered Lykke to be liquidated after over 70 users took legal action to recover their funds. These customers said they had lost £5.7 million when the platform stopped operating.

Interpath Advisory was brought in to handle the asset distribution and clean up the mess. The Swiss parent firm also entered liquidation last year.

Before the hack, the UK’s Financial Conduct Authority had already warned about Lykke in 2023, saying the company wasn’t licensed to offer services to British consumers. That red flag wasn’t enough to stop users from investing, and once the heist happened, Lykke’s UK arm couldn’t keep up with claims.

Richard was declared bankrupt in January 2025 and is now being investigated in Switzerland for possible criminal wrongdoing, according to filings from British courts.

His company’s fall is now part of a bigger story—one where North Korea keeps grabbing crypto to keep its regime afloat, no matter who gets burned in the process.

Source