DWF Labs Allegedly Lost $44 Million in Hack Tied to North Korea’s AppleJeus

Market maker DWF Labs allegedly lost more than $44 million in a 2022 cyberattack connected to the North Korea-linked AppleJeus group. This incident underscores the ongoing wave of state-sponsored attacks targeting the crypto industry, which have compromised multiple platforms over recent years. The attack highlights the sector’s vulnerability to sophisticated cybersecurity threats.

In a recent post on X (formerly Twitter), an on-chain investigator shed light on a breach reportedly dating back to September 2022. The targeted address 0x3d67fdE4B4F5077f79D3bb8Aaa903BF5e7642751 primarily lost USDC and USDT stablecoins.

"The compromised address (0x3d67f…) can be linked to DWF Labs by payments made prior to the incident," the analyst stated. Before the breach, the wallet had recently transacted with Yield Guild Games’ treasury wallet, apparently in exchange for OTC tokens. The acquired YGG tokens were later sent to an address publicly associated with DWF Labs.

A subsequent transaction involved MagnifyCash (formerly NFTY Finance), coinciding with DWF Labs’ announcement of a strategic partnership on September 15, 2022. Hackers reportedly compromised the wallet's private keys and exchange credentials on September 22, 2022 and began draining funds in a prolonged attack lasting until September 23, 2022.

The analyst noted that despite the hours-long draining process (from 0:04:59AM to 5:59:11AM), no apparent intervention was made to halt the breach or secure the funds. A further draining transaction occurred the next day at 0:59:35AM on September 23, 2022.

On-chain evidence showed that hackers moved the stolen assets via the Ren Protocol bridge to Bitcoin (BTC). This laundering method is a known tactic of the AppleJeus group, with the stolen BTC remaining largely dormant initially. More recently, funds were moved through Mixero, a custodial Bitcoin mixer. Additionally, stolen funds were combined with proceeds from other high-profile breaches, including those targeting Deribit and Tower Capital.

"There are still several large pots of BTC (worth over $30 million) that remain unspent related to this incident," the post added.

Despite independent analysts providing on-chain evidence, DWF Labs has yet to issue any public response to the alleged $44 million hack. The lack of transparency has drawn criticism from the crypto community.

"DWF hiding a $44 million hack? Cannot say I’m surprised," commented crypto sleuth ZachXBT in reaction to the allegations.

The case of DWF Labs reflects a broader concern: the ever-growing threats to the crypto industry from state-sponsored actors. Reports indicate that North Korea-linked hackers have stolen an estimated $2.83 billion in digital assets between 2024 and September 2025.

One of the most prominent groups, the Lazarus Group, was responsible for major incidents, including the Bybit hack. Beyond targeting crypto platforms, North Korean threat actors have attempted to infiltrate Web3 companies by submitting falsified job applications. Recently, they escalated these attacks by distributing malware through fake job offers.

As these hacking groups continue refining their techniques, the crypto industry faces mounting pressure to bolster security measures and transparency across their operations.