The latest report from the UK Treasury points the finger at the North Korean hacker group Lazarus Group, identifying them as the culprits behind the collapse of the cryptocurrency trading platform Lykke. The cyber attack, which occurred in 2024, involved an amount as high as $22.8 million, approximately £17 million, directly sending this long-established Swiss exchange, which had operated for nearly a decade, into the grave.
The methodology of this attack was quite sophisticated. After the hackers succeeded, they did not cash out directly but instead transferred the illicit funds to two cryptocurrency mixing platforms that specialize in 'cleaning' money, successfully evading regulatory radar through complex financial flows. An independent investigation by the Israeli security company Whitestream reached the same conclusion, but there are differing opinions in academia, as tracing cyber attacks is inherently a technical task, and it is indeed very difficult to definitively determine the identity of the attackers.
The tragedy of Lykke is not an isolated case. A United Nations report shows that North Korea has amassed billions of dollars in cryptocurrency through various cyber attacks over the years, with the money ultimately flowing into their nuclear weapons program. The Lazarus Group, as North Korea's most active hacker organization, has expanded its attack targets from traditional banks to emerging fields such as DeFi protocols and the NFT market, employing increasingly sophisticated tactics.
This incident has sounded the alarm for the entire industry. Small and medium-sized trading platforms have limited resources and often struggle to invest in security, making them prime targets for hackers. Compared to larger platforms, these smaller ones have obvious shortcomings in security teams, technical architecture, risk management, and other areas. The collapse of Lykke starkly reminds us that in the risky field of cryptocurrency, security investment cannot be neglected.
From a regulatory perspective, this incident has exposed the flaws in international cooperation mechanisms. The fact that North Korean hackers were able to successfully attack a UK-registered platform and transfer funds through a complex money laundering network indicates that countries need to strengthen coordination in combating cross-border cybercrime. Only by establishing a more robust international cooperation mechanism can we effectively respond to such transnational cyber threats.
The assets of more than 70 users have turned to dust, and the UK court has ruled for the liquidation of Lykke this March. If it is ultimately confirmed that this is indeed the largest-scale cryptocurrency theft case carried out by North Korea in the UK, it will become an important case in the history of cryptocurrency security, reminding all practitioners that security must be prioritized.