Market maker DWF Labs allegedly lost more than $44 million in a 2022 cyberattack attributed to the North Korea-linked AppleJeus group.
The revelation comes amid an ongoing wave of state-sponsored attacks targeting the crypto industry, with North Korean hacking groups striking multiple platforms over recent years. This highlights the sector’s ongoing vulnerability to sophisticated cybersecurity threats.
SponsoredAllegations Surface Linking DWF Labs to 2022 Cyberattack
In a recent post on X (formerly Twitter), an on-chain investigator highlighted a breach reportedly dating back to September 2022. The report revealed that the bad actors targeted the address 0x3d67fdE4B4F5077f79D3bb8Aaa903BF5e7642751, primarily stealing USDC and USDT stablecoins.
“The compromised address (0x3d67f…) can be linked to DWF labs by the payments which were made prior to the incident,” the analyst stated.
Before the compromise, the same wallet had made transactions to Yield Guild Games’ treasury wallet, apparently for an OTC token sale. The acquired YGG tokens were later sent to an address publicly associated with DWF Labs.
Another transaction to MagnifyCash (formerly NFTY Finance) coincided with DWF Labs’ announcement of a strategic partnership with the project on September 15, 2022.
According to the analyst, hackers began draining the address 0x3d67fd on September 22, 2022. They allegedly compromised both private keys and exchange credentials.
Sponsored“Despite the draining of funds lasting many hours (0:04:59AM – 5:59:11AM) seemingly no successful attempt was made to stop the drain or save funds. There was one even one further draining transaction the following day, 23rd Sep at 0:59:35AM” the analyst pointed out.
On-chain data showed the hackers moved the stolen assets through the Ren Protocol bridge to Bitcoin (BTC). This laundering route is favored by AppleJeus. The BTC then remained largely dormant.
However, recently, funds were transferred through Mixero, a custodial Bitcoin mixer. Furthermore, the analyst noted that the stolen funds were later combined with proceeds from other high-profile breaches. This included those affecting Deribit and Tower Capital.
“There is are still several large pots of BTC (now worth over $30 million+) which remain unspent related to this incident,” the post added.
Despite allegations and on-chain evidence from independent analysts, DWF Labs has not made any public statements regarding the alleged hack.
“DWF hiding a $44 million hack? Cannot say I’m surprised,” crypto sleuth ZachXBT commented.
Growing Threat of State-Sponsored Crypto Attacks
Meanwhile, the broader cryptocurrency industry continues to face escalating threats from state-sponsored actors. BeInCrypto previously reported that hackers linked to North Korea have stolen an estimated $2.83 billion in digital assets between 2024 and September 2025.
In fact, the country’s Lazarus Group was behind the industry’s largest breach, the Bybit hack. Beyond targeting infrastructure, these threat actors have also attempted to infiltrate Web3 companies by applying for jobs using falsified identities.
More recently, they have escalated their tactics by distributing malware through fake job offers. Thus, as North Korean-linked groups continue refining their tactics, crypto platforms face increasing pressure to strengthen security and transparency across all operations.
