## State-Backed Hackers Behind $23M Crypto Heist That Shut Down Major Exchange

The cyber unit linked to Pyongyang has struck again, this time targeting a major cryptocurrency platform and leaving thousands in losses. British Treasury sanctions officials confirmed that operatives from the Democratic People's Republic of Korea executed a sophisticated attack that toppled a UK-registered digital asset exchange, stealing roughly $22.8 million in Bitcoin and Ethereum in the process.

### How the Attack Unfolded and What Was Lost

The breach resulted in the theft of Bitcoin (BTC), currently trading around $88.13K, along with Ethereum (ETH) at approximately $2.98K, and numerous other digital assets. The successful infiltration forced the platform to halt all trading operations immediately, leaving customers unable to access their holdings. Israeli security researchers at Whitestream independently analyzed the attack and corroborated that Lazarus Group operatives—North Korea's most notorious cyber division—orchestrated the heist. Their investigation revealed that stolen funds were subsequently laundered through cryptocurrency services specializing in transaction obfuscation and sanctions evasion.

### The Founder's Role and Legal Consequences

Richard Olsen, founder of the targeted exchange and member of Switzerland's prominent Julius Baer banking family, established the platform in 2015 within Zug's "crypto valley" region. The company had positioned itself as a zero-fee trading alternative in the global market. Following the security breach, Olsen was declared bankrupt in January, while simultaneously facing criminal investigations in Swiss jurisdiction. The Swiss parent entity entered liquidation proceedings, marking a catastrophic end to the venture.

### Victims Fight for Recovery

Over 70 customers initiated court proceedings seeking compensation for their losses, with aggregate claims reaching £5.7 million. The Financial Conduct Authority had previously cautioned investors in 2023 that the exchange operated without proper UK authorization or registration—a red flag that preceded the eventual compromise. Trading ceased after the attack, and the platform officially ceased operations in December.

### Broader Pattern of North Korean Cyber Operations

This incident represents another chapter in Lazarus Group's extensive track record. The state-backed operation has systematically targeted digital asset platforms globally, accumulating billions in stolen cryptocurrency to fund weapons development programs and bypass international economic sanctions. Security researchers continue investigating the laundering mechanisms used to move these funds through blockchain networks, though some experts maintain that conclusive attribution requires additional technical evidence.