How a £17M Crypto Hack Took Down Lykke Exchange and Why North Korea Is Accused
Share
Key Takeaways
Lykke exchange lost up to $23 million in a June 2024 hack, leading to its shutdown and liquidation.
The UK Treasury attributes the attack to North Korea’s Lazarus Group, a state-sponsored hacking unit.
The UK’s first crypto exchange liquidation sets a precedent for creditor action.
Recovery efforts continue, but full repayment remains unlikely, urging stronger security measures.
Crypto adoption is moving fast. Faster than regulators, faster than most businesses, and certainly faster than security teams can keep up. However, this comes with a cost: attacks follow right behind.
In June 2024, Lykke, a small UK exchange, was breached. Hackers stole $19.5 million (and up to $23 million due to volatility) in digital assets, roughly £17 million at the time. For Lykke, the blow was fatal. Investors were wiped out. The company collapsed not long after.
The trail did not stop at the exchange. Investigators followed it further and the UK Treasury’s Office of Financial Sanctions Implementation (OFSI) found a familiar name: Lazarus Group, North Korea’s notorious hacking unit.
Cryptoasset heist | Source: OFSI Crypto Assets
The same crew linked to bank heists, ransomware, and earlier crypto raids. This time, their work destroyed a business. And it wasn’t just about money anymore. It became a matter of international security.
Regulators treated the case differently and courts did too. For the first time, a crypto hack by a state-backed team forced governments to face a bigger problem: what happens when nation-states use crypto crime as a weapon?
This article explains the story and its implications.
How Lykke Exchange Was Compromised
The breach first happened on June 4, 2024. Unusual activity was detected inside Lykke’s systems, as reported by SomaXBT.
Attack detection | Source: SomaXBT on X
However, the damage was already done when this was noticed, and millions in assets had been drained.
Lykke tried to respond quickly. The frozen withdrawals and the company announced new cybersecurity checks. But confidence had already collapsed.
Try Our Recommended Crypto Exchanges
Sponsored
Disclosure
We sometimes use affiliate links in our content, when clicking on those we might receive a commission at no extra cost to you. By using this website you agree to our terms and conditions and privacy policy.
Users were uneasy, and the exchange’s long-standing lack of transparency did not help. Lykke had not published financial statements since 2020, leaving many wondering what was happening behind the scenes.
The final blow came months later. On December 6, 2024, the exchange collapsed. This event triggered a series of legal and financial consequences.
In January 2025, founder Richard Olsen filed for personal bankruptcy.
By March 26, 2025, a UK court ordered Lykke into liquidation, formally marking the end of the exchange.
North Korea’s Role in the Lykke Exchange Attack
In August 2025, the OFSI officially linked the hack to North Korean cyber actors, specifically the Lazarus Group.
Warning | Source: CryptoSangeet
Lazarous group operates under North Korea’s intelligence bureau and has one clear goal: raise funds for the country’s nuclear and missile programs.
To do this, they have turned crypto theft into a revenue stream using methods including rapid money laundering via no know your customer (KYC) platforms.
Chainalysis has tracked billions stolen through their operations, making them one of the most dangerous state-backed cyber units in the world.
Why the Lykke Hack Matters for the Crypto Industry
Lykke’s downfall shines a light on the dangers small crypto exchanges might face:
Weak security: With just $2.5 million in monthly trading volume before the hack, Lykke did not invest in world-class protection. Cyvers reported that most crypto hacks in 2023–2024 came from private key leaks, the weakness that likely doomed the platform. Smaller exchanges on tight budgets are often prime targets for hacker groups like Lazarus.
Legal first in the UK: Lykke’s liquidation became the first for a UK-based crypto exchange. More than 70 creditors, represented by Niedermann Rechtsanwälte, used the Insolvency Act 1986 to secure provisional liquidators on March 20, 2025, followed by a winding-up order days later. CFAAR praised the process as a cost-effective recovery model, marking a legal benchmark for future digital insolvency cases.
Regulatory failures: Lykke operated without a UK license and had already earned Financial Conduct Authority (FCA) warnings in 2023.
Lykke warning | Source: FCA
With $2.17 billion stolen across crypto platforms in the first half of 2025 alone, regulators are focusing on compliance and security.
Hacks in 2024 and 2025 | Source: DeFi Llama
Lykke’s story is about a failed exchange and the risks of cutting corners on security and compliance. Other small platforms may face the same fate without stronger defenses, mandatory audits, and proper licensing.
What the Lykke Exchange Collapse Teaches the Industry About Recovery and Future Security
Recovering from Lykke’s hack looks uncertain. Interpath Advisory controls about $68 million in assets, but full repayment for users is unlikely.
Creditors have formed groups, pursuing class actions with Baker McKenzie.
At the same time, Match Systems traces stolen funds, though much has already vanished into hidden wallets.
Founder Richard Olsen, “the crypto grandpa,” said he would compensate customers, but those claims now seem doubtful.
The hack delivers clear lessons. Exchanges must adopt multi-party computation (MPC) wallets, which split a private key into multiple encrypted parts, while also running audits and securing cyber insurance.
Users should rely on hardware wallets, 2FA, and self-custody, reinforcing the old warning: “not your keys, not your crypto.”
Lykke was a UK-registered company, but it also operated from Switzerland’s “crypto valley” in Zug.
As a result, in 2025, the Swiss Financial Market Supervisory Authority (FINMA) and the FCA introduced more rigid rules, pressing firms toward stronger compliance.
At the same time, decentralized finance (DeFi) platforms gained ground as more users shifted away from centralized exchanges (CEXs).
The Lykke hack is only part of a bigger and more troubling picture. In July 2025, Google sent an urgent alert to more than 2 billion Gmail users about a large-scale phishing campaign. Reports linked the activity to North Korean state-backed hackers, with some experts pointing to the Lazarus Group.
These attacks relied on fake login pages and spoofed emails to steal credentials. The threat now stretches far beyond crypto.
How malware is distributed | Source: TheHackersNews
Small platforms are easy targets, but even tech giants like Google are raising alarms. The harsh truth is clear: state-backed cybercrime is not just about stolen coins; it threatens the entire online world.
Conclusion
The Lykke hack exposed how fragile smaller crypto exchanges remain in the face of advanced cybercrime. A $23 million breach forced the platform into liquidation and left creditors scrambling, setting a UK legal first. Investigations linked the attack to North Korea’s Lazarus Group, showing how stolen crypto fuels global threats.
For users, the case proves once again that weak security, no audits, and lack of insurance can be fatal. Centralized exchanges without strong protections will continue to be prime targets, while regulators now demand tougher compliance and oversight.
The lessons are clear: firms must build stronger defenses, adopt tools like MPC wallets, and maintain transparency. Users should not depend on promises but instead take control of their assets with hardware wallets and self-custody. Lykke’s collapse is a warning, not just for exchanges, but for the broader digital economy.
Dr. Lorena Nessi is an award-winning journalist and media technology expert with 15 years of experience in digital culture and communication. Based in Oxfordshire, UK, she combines academic insight with hands-on media practice.
She holds a PhD in Communication, Sociology, and Digital Cultures, and an MA in Globalization, Identity, and Technology.
Lorena has taught at Fairleigh Dickinson University, Nottingham Trent University, and the University of Oxford. She is a former producer for the BBC in London, with additional experience creating television content in Mexico and Japan.
Her research focuses on digital cultures, social media, technology, capitalism, and the societal impact of blockchain innovation.
She has written extensively on digital media and emerging technologies, with her work featured in both academic and media platforms. Her Web3 expertise explores how blockchain technologies shape culture, economics, and decentralized systems.
Outside of work, Lorena enjoys reading science fiction, playing strategic board games, traveling, and chasing adventures that get her heart racing. A perfect day ends with a relaxing spa and a good family meal.
Easy 
