UK Crypto Exchange Lykke Shuts Down After $23 Million Hack Linked to North Korea’s Lazarus Group

UK-registered cryptocurrency exchange Lykke has permanently closed its doors following a catastrophic hack that siphoned off $23 million, an attack that authorities have tied to North Korea’s notorious Lazarus Group. The breach, which targeted both Bitcoin and Ethereum networks, left thousands of retail investors facing devastating losses and scrambling to recover what remained through liquidation proceedings.

Founded in Switzerland in 2015, Lykke had promoted itself as a zero-fee trading platform with a sleek and accessible interface, drawing users from across the globe. The company expanded its footprint into the UK to bolster its European operations, quickly building a reputation for fast execution and an easy-to-use system. But the hack abruptly halted its trajectory, forcing the suspension of trading and ultimately leading to the company’s liquidation.

The Office of Financial Sanctions Implementation (OFSI) confirmed that the attack was carried out by “Korean malicious cyber actors,” attributing it to broader state-backed campaigns by North Korea to generate funds for strategic programs through the theft of digital assets. With the stolen cryptocurrency unrecovered, Swiss and UK regulators have been coordinating efforts to oversee the winding-up process and assess what remains of Lykke’s balance sheet.

Legal consequences quickly followed. More than 70 customers filed lawsuits alleging combined losses amounting to £5.7 million. UK courts subsequently ordered the liquidation of the company and appointed Interpath Advisory to manage the distribution of any available assets. Richard Olsen, the founder of Lykke, declared bankruptcy in January 2025 and is now under criminal investigation in Switzerland. Although the company repeatedly pledged to restore access to funds, operations were never restarted, leaving investors empty-handed and underscoring the ongoing vulnerabilities even among platforms with years of experience in the sector.

Further evidence of the attackers’ trail emerged through Whitestream, an Israeli blockchain intelligence firm, which confirmed Lazarus’ involvement. Analysts tracked the stolen cryptocurrency as it moved through a network of exchanges and services designed to obscure the origins of funds. By swapping Ether into DAI stablecoins and routing Bitcoin through a web of wallets, the hackers managed to evade conventional anti-money laundering checks. While attribution to North Korean operatives has been strongly supported by these findings, some cybersecurity specialists urge caution, pointing out that linking hacks to state-backed groups requires persistent monitoring and extensive verification.

If definitively verified, this would represent the Lazarus Group’s largest theft targeting a UK-based exchange, adding to a long list of high-profile heists that have collectively generated billions for Pyongyang. Industry observers note that the collapse of Lykke is a stark reminder of the immense risks inherent in the crypto economy. Despite the promise of innovative platforms and frictionless trading, the attack illustrates just how exposed digital exchanges remain to sophisticated cyber threats. Analysts stress that such incidents highlight the urgent need for stronger security practices and clearer regulatory structures, even as the adoption of digital assets continues to accelerate worldwide.

By fLEXI tEAM