Market maker DWF Labs reportedly lost more than $44 million in a 2022 cyberattack by the North Korea-linked group AppleJeus.
The revelation comes amid a series of state-sponsored attacks on the crypto industry, with North Korean hacker groups targeting multiple platforms over the years, highlighting the industry’s chronic vulnerability to sophisticated cyber threats.
Allegations link DWF Labs to 2022 cyberattack
In a recent post on X (formerly Twitter), an on- chain investigator highlighted a breach that allegedly occurred back in September 2022. The report revealed that the bad actor targeted address 0x3d67fdE4B4F5077f79D3bb8Aaa903BF5e7642751, primarily stealing stablecoins USDC and USDT.
“The compromised address (0x3d67f…) can be linked to DWF Labs through payments made before the incident,” the analyst said .
Before being compromised, the same wallet made a transaction to Yield Guild Games' treasury wallet, apparently for an over-the-counter Token trade. The purchased YGG Token were then sent to an address publicly associated with DWF Labs .
Another deal to MagnifyCash (formerly NFTY Finance) coincided with DWF Labs ' announcement of a strategic partnership with the project on September 15, 2022.
According to the analyst, the hackers started withdrawing funds from the 0x3d67fd address on September 22, 2022. They are believed to have compromised both private keys and exchange credentials.
“Although the withdrawal lasted for several hours (04:04:59 AM – 5:59:11 AM), there appears to have been no successful attempt to prevent the outflow or protect assets. There was another withdrawal the following day, September 23 at 0:59:35 AM,” the analyst pointed out.
On chain data shows that the hackers moved the stolen assets via the Ren Protocol bridge to Bitcoin (BTC). This money laundering route is favored by the AppleJeus group. The BTC then remained largely unused.
However, recently, the funds were moved through Mixero, a custodial Bitcoin mixer. Furthermore, the analyst noted that the stolen funds were then combined with proceeds from other high-profile breaches, including those affecting Deribit and Tower Capital.
“There is still a large amount of BTC (currently worth over $30 million) that has not been used in connection with this incident,” the post added.
Despite the allegations and on- chain evidence from independent analysts, DWF Labs has not made any public statements regarding this alleged hack.
“DWF is hiding a $44 million hack? Not surprising at all,” crypto sleuth ZachXBT commented .
The Growing Threat of State-Sponsored Cryptocurrency Attacks
Meanwhile, the broader cryptocurrency industry continues to face escalating threats from state-sponsored actors. BeInCrypto previously reported that hackers linked to North Korea stole approximately $2.83 billion in digital assets between 2024 and September 2025.
In fact, the country’s Lazarus group was behind the industry’s biggest breach, the Bybit hack . In addition to targeting infrastructure, these threat actors also attempted to infiltrate Web3 companies by applying for jobs with fake identities.
More recently, they have escalated their tactics by spreading malware through fake job offers. As North Korea-linked groups continue to refine their tactics, crypto platforms are under increasing pressure to improve security and transparency in all operations.
