Key Takeaways
- DWF Labs allegedly lost $44 million in a 2022 cyberattack linked to AppleJeus.
- Stolen stablecoins were converted to Bitcoin and recently moved through Mixero.
- The case underscores the growing threat of state-backed crypto hacks and the need for greater industry transparency.
DWF Labs Reportedly Lost $44 Million in North Korea-Linked Hack
Market maker DWF Labs allegedly suffered a $44 million cyberattack in September 2022, reportedly orchestrated by AppleJeus, a North Korean-linked threat group. On-chain investigators claim stolen stablecoins were later converted into Bitcoin, left untouched for months, and recently laundered through the Mixero platform.
Despite the mounting evidence, DWF Labs has not publicly acknowledged the breach, raising questions about how transparent leading crypto firms are about security incidents.
On-Chain Evidence Connects Wallets to DWF Labs
According to blockchain analyst reports, the attack targeted the address which allegedly held USDC and USDT tied to DWF Labs’ transactions. Prior to the hack, the wallet made payments to Yield Guild Games and MagnifyCash, both of which had public partnerships with DWF Labs.
Investigators claim hackers drained funds over several hours on September 22, 2022, without any visible response to stop the outflow. The attackers allegedly compromised both private keys and exchange credentials, suggesting deep operational breaches.
Hackers moved the stolen assets through the Ren Protocol bridge, converted them to Bitcoin, and left them dormant until late 2025—when investigators traced the funds through Mixero, a custodial mixer used for obfuscation.
North Korea’s Expanding Cyber Footprint
This alleged attack fits a larger pattern of state-sponsored crypto heists attributed to North Korean groups like AppleJeus and Lazarus. Between 2024 and September 2025, North Korean hackers reportedly stole over $2.8 billion in digital assets, with major incidents targeting Bybit, Tower Capital, and Deribit.
Also Read: What Is a Crypto Wallet?
These groups have increasingly used advanced infiltration techniques, including fake job offers and malware-laced applications, to compromise crypto firms. Their operations show no signs of slowing down, placing mounting pressure on Web3 companies to improve cyber defenses and disclose breaches transparently.
Conclusion
Whether or not DWF Labs officially confirms the breach, the on-chain evidence paints a troubling picture for crypto’s security landscape. As North Korean cyber operations evolve, the industry faces a pressing challenge: balance innovation with uncompromising transparency and defense.
