Lazarus Group Allegedly Steals £17 Million from UK Crypto Exchange Lykke

Highlights:

• The UK’s Financial Authorities accused North Korea’s Lazarus Group of stealing £17 million from Lykke.
• Lykke halted operations, faced liquidation, and its founder was declared bankrupt in January. 
• The hack shows geopolitical crypto risks, pressuring regulators to tighten global rules.

North Korea’s notorious Lazarus Group is suspected of taking $22.8M (£17 million) in crypto from Lykke, a cryptocurrency exchange based in the UK. The breach, which happened on June 4 last year, forced Lykke to stop trading, pause all operations, and ultimately undergo court-ordered liquidation. The stolen assets included Bitcoin, Ethereum, and other cryptocurrencies. Lykke officially shut down in December and filed for bankruptcy.

Lykke, a UK-registered crypto trading platform, suffered a hack last year, resulting in the loss of approximately $22.8 million worth of Bitcoin, Ethereum, and other assets. The UK government attributed the attack to the North Korean hacker group Lazarus. The company was…

— Wu Blockchain (@WuBlockchain) August 18, 2025

Britain’s Office of Financial Sanctions Implementation (OFSI) said the attackers hit both Bitcoin and Ethereum networks, according to The Telegraph. They siphoned off millions and transferred the funds via platforms known for poor anti-money laundering safeguards. The Treasury noted that OFSI collaborated closely with law enforcement throughout the investigation.

Crypto Exchange Lykke Shuts Down After Major Cyberattack and Legal Battles

Lykke was founded in 2015 as a successor to Swiss banking pioneer Julius Baer. It quickly gained attention for offering zero-fee cryptocurrency trading from Switzerland’s Crypto Valley. Despite an impressive launch, the company halted operations after a cyberattack. Customers were left unable to access their funds. The Telegraph reported that over 70 customers affected by the loss filed a legal case in UK courts, claiming a total of $7.66 million (£5.7M). 

on June 4, @lykke CTX got exploited and lost $19.5 million worth crypto assets but team still trying to hide this fact

BTC (158 btc)
bc1qt64756h9aylujm9tpk826zndegpxtngmr6eqad

ETH (2161 eth)
0x9172a72f5009ca609833819763A2722e53806443 pic.twitter.com/bT4TaQLukY

— SomaXBT (@somaxbt) June 9, 2024

In March, a court ruled for Lykke’s liquidation and tasked Interpath Advisory with overseeing and distributing the remaining assets. Its Swiss parent company also went into liquidation, and founder Richard Olsen was declared bankrupt in January. Court documents further show that Olsen is under criminal investigation in Switzerland, although he has not made any public statements.

Israeli crypto analytics company Whitestream also attributed the Lykke hack to the Lazarus Group. They claimed the stolen funds were laundered through two crypto companies known for hiding transactions and avoiding anti-money-laundering rules. Other researchers said the evidence is still not strong enough to conclusively identify who carried out the hack. 

About a year before the cyberattack, the UK’s Financial Conduct Authority warned that crypto exchange Lykke lacked authorization to serve British customers. Despite this warning, many users still invested, and when the theft happened, Lykke’s UK branch could not handle the resulting claims.

North Korea-Linked Lazarus Hack Highlights Global Crypto Risks

If verified, the Lykke hack would be North Korea’s largest crypto fraud aimed at the UK. Earlier this year, the Lazarus Group carried out the $1.5 billion hack of the crypto exchange ByBit. Cybersecurity specialists from Cyvers have also connected Lazarus to the July 19 attack on India’s CoinDCX exchange, which resulted in a $44 million loss.

The case also shows the global political side of cryptocurrency. Countries like North Korea exploit blockchain’s anonymous design to bypass sanctions. This creates pressure on regulators to improve rules and enforcement. The UK publicly linking the Lykke hack to the Lazarus Group is an important move toward holding state-backed hackers responsible.