Market Maker DWF Reportedly Suffered Heavy $44M Crypto Hack Linked to North Korea’s AppleJeus


Crypto market maker DWF Labs has allegedly suffered a $44M crypto hack linked to North Korea’s Lazarus Group. The breach, which dates back to 2022 but has only recently come to light, is believed to have originated from the AppleJeus malware — a common cyberweapon used by North Korean actors to infiltrate trading and financial firms.
While DWF Labs has yet to release an official statement confirming the extent of the losses, sources state that the exploit targeted company systems through compromised trading software. The revelation is another reminder of the ongoing vulnerabilities in crypto market infrastructure, even among high-volume liquidity providers handling billions in transactions.
Allegations Link DWF Labs to The AppleJeus Malware
An investigator reportedly traced the DWF Labs attack to the AppleJeus malware strain, first documented by the U.S. Department of Justice in 2018. The malware has been used by the Lazarus Group, a North Korea–backed hacking collective responsible for several major exploits, including the Axie Infinity Ronin Bridge hack and Harmony’s Horizon Bridge breach.
In this case, cybersecurity analysts believe the attackers deployed a phishing-laced trading application, which enabled remote access to DWF’s internal wallets and systems. Once access was established, funds were siphoned off through intermediary wallets and privacy mixers to obscure the money trail. Blockchain analytics firms tracking the movement of the stolen assets have reportedly flagged addresses tied to previous Lazarus-related operations.
Although DWF Labs has not officially commented, the company has reportedly strengthened its internal cybersecurity protocols, including tighter wallet segregation, multi-signature custody, and third-party audits.
North Korea’s Lazarus Group Continues to Infiltrate Crypto Platforms
The DWF case adds to a growing list of high-profile hacks connected to North Korea’s cyber operations. U.S. and international law enforcement agencies estimate that the Lazarus Group has stolen over $3 billion in digital assets over the past five years, using proceeds to fund Pyongyang’s weapons programs and evade global sanctions.
Several security firms, including Elliptic and SlowMist, have warned that Lazarus-linked actors continue to evolve their tactics, often posing as legitimate software vendors or liquidity partners to embed malicious code into trading infrastructure. The use of AppleJeus, disguised as a business or analytics tool, has been particularly effective at infiltrating professional environments with minimal suspicion.
From a regulatory perspective, the case is expected to bolster efforts to formalize cybersecurity standards across crypto firms, particularly those with systemic exposure such as market makers and stablecoin issuers.
If confirmed, the DWF Labs hack would mark one of the largest targeted exploits against a crypto liquidity provider. The firm’s operational status remains stable for now, however, and no client-side losses have been reported.






