On-chain analysts disclosed that the crypto market maker DWF Labs is suspected to have suffered a major cyberattack in September 2022, resulting in losses of up to $44 million. The attack is linked to the North Korean hacker organization AppleJeus, which has previously carried out multiple nation-state cyberattacks targeting the crypto industry. The stolen stablecoins were subsequently converted into Bitcoin (BTC) and transferred via the Mixero mixing service. As of November 2025, DWF Labs has not issued any public statement regarding the incident, raising questions about its transparency and security.
DWF Labs Suspected of Attack by AppleJeus, Losses Exceed $44 Million
On-chain security researchers revealed on X (formerly Twitter) that DWF Labs was targeted by the North Korean hacker organization AppleJeus in September 2022. The attacker compromised address 0x3d67fdE4B4F5077f79D3bb8Aaa903BF5e7642751, stealing a large amount of USDC and USDT stablecoins.
The researcher noted: “This victim address can be directly linked to DWF Labs through transaction history prior to the attack.” According to on-chain data, DWF Labs used this wallet to transfer funds to the vault wallet of Yield Guild Games (YGG) for OTC token purchases. Subsequently, these YGG tokens were sent to a publicly associated address controlled by DWF Labs.
Additionally, on September 15, 2022, DWF Labs announced a strategic partnership with MagnifyCash (formerly NFTY Finance), and the same attack address conducted transactions with that project on the same day, further strengthening the connection.
Attack Details: Private Key Leakage and Multiple Fund Transfers
On-chain data shows that the attacker began transferring assets on September 22, 2022, employing methods such as private key leakage and compromised exchange login credentials.
Funds were stolen continuously over several hours (from 12:04 AM to 5:59 AM), with no successful intervention. Early the next morning (September 23, 2022, at 12:59 AM), an additional transfer occurred.
The stolen assets were then bridged via Ren Protocol to the Bitcoin network, a common “money laundering route” used by AppleJeus hackers. These BTC remained dormant for an extended period until recently being detected as transferred again through the Mixero platform.
Researchers also pointed out that these funds were later mixed with assets stolen from other incidents involving Deribit and Tower Capital to further obscure traces. Currently, over $30 million worth of Bitcoin remains unused.
Despite clear on-chain evidence, DWF Labs has yet to respond publicly, prompting widespread skepticism within the industry. Noted crypto investigator ZachXBT commented, “DWF hiding $44 million being hacked? I’m not surprised at all.”
North Korean Hacker Organization Continues Threats to Global Crypto Industry
This incident highlights the ongoing vulnerabilities in the crypto industry’s cybersecurity. According to a BeInCrypto report, from 2024 to September 2025, North Korean hacker groups have stolen approximately $2.83 billion in digital assets worldwide.
The most notable group is Lazarus, which has orchestrated several major attacks, including breaches of centralized exchanges. These hackers target not only crypto infrastructure but also disguise infiltration of Web3 companies through fake job applications, phishing emails, and malware, expanding their attack scope.
In recent years, North Korean hackers have employed increasingly sophisticated techniques, from social engineering to on-chain mixing and money laundering, demonstrating high technical capabilities. This poses unprecedented challenges to the risk management systems and regulatory transparency of the entire crypto sector.
Industry Impact and Security Lessons
The alleged hacking of DWF Labs serves as a reminder for crypto institutions:
- Multi-signature and cold wallet separation remain the primary measures to prevent fund theft;
- Timely monitoring of on-chain abnormal transactions is crucial for detecting potential threats;
- Transparent and open information disclosure mechanisms can effectively maintain investor trust;
- Reviewing transaction histories of partners and project wallets can reduce supply chain attack risks.
Additionally, this incident has prompted regulators to re-examine Market Maker security management systems. As institutional funds continue to flow into crypto, transparency and compliance are becoming essential thresholds for industry survival.
Conclusion
The rumors of DWF Labs suffering a $44 million hack reveal underlying security vulnerabilities and opacity issues within the crypto industry. As nation-state cyberattacks become more frequent, companies that continue to neglect security and compliance will face even greater trust crises. To counteract evolving tactics by North Korean and other hacker groups, strengthening on-chain tracking, enhancing internal risk controls, and increasing security transparency will be key to the sustainable development of the crypto ecosystem.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
A certain CEX’s Bitcoin whale inflows for the first time since June 2025 fell below $3 billion
CryptoQuant analyst Amr Taha noted that a major Bitcoin whale inflow to a certain CEX platform first fell below $3 billion; the market value of long-term holders recovered to $49 billion, while short-term holders fell to -$54 billion. This indicates that weak hands are distributing Bitcoin, while long-term holders are re-absorbing it.
GateNews9m ago
Bitcoin Falls Below $71,000, Down 2.65% Over 24 Hours
Gate News message, April 12, market data shows that Bitcoin fell below $71,000, with a 24-hour drop of 2.65%.
GateNews19m ago
BTC 15-minute chart slightly down 0.57%: leveraged long positions passively cut risk and macro sentiment disturbances drive volatility
2026-04-12 12:45 to 13:00 (UTC), the BTC price range was 71081.7 to 71493.2 USDT, with an amplitude of 0.58%. Within 15 minutes, the return recorded was -0.57%. During the period of unusual activity, market volatility increased somewhat, risk sentiment warmed up, and overall attention rose; however, there was no extreme surge in volume or a sudden drop in liquidity.
The main driver behind this unusual activity is that, under the leverage structure, long positions were reduced passively. Recently, the funding rate for perpetual contracts turned from negative to positive. Leverage among longs in the market accumulated; the price dipped slightly, triggering liquidations of some leveraged long positions and sell orders for position closures, resulting in
GateNews20m ago
BTC 跌破 71000 USDT
Gate News bot 消息,Gate 行情显示,BTC 跌破 71000 USDT,现价 70969.4 USDT。
CryptoRadar22m ago
This 'Space Invaders' Clone Game Pays Real Bitcoin—If You're Skilled, Lucky or Rich
In brief
A new game based on the arcade classic Space Invaders will let one person earn a real Bitcoin reward.
To claim the reward ,they must destroy 10,000 BTC worth of transactions that mirror actual activity on the blockchain.
The winner will earn a 10,000 sats bounty, valued
Decrypt40m ago
Michael Saylor 再次发布比特币 Tracker 信息,或预告 Strategy 增持 BTC
Gate News update, April 12, Strategy founder Michael Saylor again shared information related to the Bitcoin Tracker, and said "Think ₿igger". According to the previously observed pattern, Strategy typically discloses information about additional Bitcoin purchases on the second day after the related news is released.
GateNews1h ago
