Nikolas Sargeant
The UK Treasury has officially attributed the $23 million cryptocurrency theft that destroyed British startup Lykke to North Korea's notorious Lazarus Group, marking one of the most significant state-sponsored crypto attacks targeting a British platform.
Lykke, a cryptocurrency trading platform incorporated in the United Kingdom, suffered the devastating security breach last year that resulted in the theft of 158 Bitcoin and 2,161 Ethereum tokens. The attack ultimately forced the exchange into court-ordered liquidation in March following legal action by affected users seeking recovery of their funds.
According to a recent report by The Telegraph, the British Treasury's sanctions office has formally accused the Lazarus Group of orchestrating the sophisticated heist. The Office of Financial Sanctions Implementation (OFSI) worked closely with law enforcement agencies to reach this attribution conclusion.
"The attack has been attributed to malicious Democratic People's Republic of Korea cyber actors, who stole funds on both the Bitcoin and Ethereum networks," the OFSI stated in their official assessment.
Potentially Largest North Korean Crypto Attack on UK
If confirmed, this incident would represent North Korea's largest cryptocurrency fraud specifically targeting British financial infrastructure. The Lazarus Group has demonstrated escalating ambitions in 2024, successfully executing what investigators believe to be a $1.5 billion theft connected to cryptocurrency exchange Bybit earlier this year.
Cybersecurity experts from blockchain analytics firm Cyvers have also connected the Lazarus Group to the July 19 attack on Indian cryptocurrency exchange CoinDCX, which compromised approximately $44 million in digital assets.
These stolen cryptocurrency proceeds are widely suspected to support Pyongyang's nuclear weapons development and broader military programs, with billions of dollars already redirected through previous cryptocurrency raids conducted by North Korean state-sponsored actors.
Investigation Confirms Attribution Despite Skepticism
Israeli cryptocurrency investigation firm Whitestream has independently confirmed Lazarus Group involvement in the Lykke theft, supporting the UK Treasury's official attribution. Investigators determined that attackers successfully laundered the stolen funds through two additional cryptocurrency companies, effectively circumventing standard anti-money laundering controls.
However, some cybersecurity researchers have challenged these conclusions, arguing that definitive attribution remains premature given the sophisticated nature of modern cryptocurrency laundering techniques.
Founded in 2015, Lykke operated from Switzerland while maintaining UK registration status. The platform differentiated itself by offering cryptocurrency trading services without transaction fees, attracting users seeking cost-effective digital asset trading.
The exchange faced regulatory scrutiny in 2023 when the UK's Financial Conduct Authority issued warnings about Lykke's unregistered cryptocurrency product offerings to British consumers, highlighting compliance concerns that preceded the eventual security breach.
The attribution of this attack to the Lazarus Group reinforces growing concerns about state-sponsored cryptocurrency theft targeting Western financial institutions, as North Korean cyber operations continue expanding their scope and sophistication in pursuit of sanctions evasion funding mechanisms.
