November 6, 2025 — In a striking revelation for the crypto-market ecosystem, independent on-chain researchers report that DWF Labs, a prominent digital-asset market-maker, appears to have been the victim of a sophisticated hack that started in September 2022, allegedly orchestrated by the North Korea-linked threat actor AppleJeus, resulting in losses of at least US$44 million.
What Happened to DWF Labs
According to the analysis published by on-chain investigator “tanuki42”, the intrusion began on 22 September 2022, when one of DWF Labs’ wallet addresses was drained of funds, primarily in stablecoins (USDC/USDT). The transfers then migrated through cross-chain bridges into Bitcoin, and later into a mixing service, indicating a well-executed laundering process.
The alleged attacker group is AppleJeus, a hacking toolkit historically linked to the North Korean state. The linkage is made on the basis of wallet-behaviour, transaction patterns, and use of mixing services consistent with prior AppleJeus-linked incidents.
As of November 2025, DWF Labs has not publicly confirmed the incident or issued detailed disclosures.
Scale and Timing
- Losses are estimated at “at least US$44 million”.
- The bulk of the funds were in USDC and USDT, rather than volatile tokens.
- The attack reportedly involved wallet compromise and stealth withdrawal over many hours, with no recorded interruption of the withdrawal flow by DWF Labs.
- A portion of the stolen assets remains dormant, while some movement into the mixing service (Mixero) has been detected.
Implications for the Crypto Ecosystem
The incident raises several concerns for industry participants and regulators alike:
- Market-maker risk: Entities like DWF Labs play a key role in providing liquidity and facilitating trading in the crypto markets. A breach of this magnitude could impact trust, liquidity flow, and counter-party risk perceptions.
- State-sponsored cyber-threats: The alleged involvement of a North Korea-linked actor highlights the intersection between geopolitical risk and crypto-asset security.
- Asset flows and laundering: The movement of stolen funds across chains and into mixers underlines ongoing challenges in tracking illicit flows, despite improved on-chain surveillance.
- Disclosure and transparency: The absence of a public acknowledgement by DWF Labs raises questions about disclosure standards for crypto-service providers. Investors and counterparties may demand more rigorous incident reporting frameworks.
- Regulatory scrutiny: Authorities will likely increase focus on service-provider security, AML (anti-money-laundering) controls, and the resilience of market infrastructure in crypto.
This alleged US$44 million hack of DWF Labs (when paired with signs of AppleJeus involvement) serves as a stark reminder that even sophisticated market-infrastructure firms are not immune from cyber‐threats. For the wider crypto economy, the incident underscores the need for improved transparency, stronger controls, and awareness of how geopolitical actors can exploit digital-asset systems.
While the full facts and any remediation remain to be confirmed, the episode should serve as a wake-up call for all participants: in an asset-class defined by borderless, digital flows, security, trust and resilience are critical.
Your Trades. Our Priority. Hotcoin.
Hotcoin Official Site: https://www.hotcoin.com
Hotcoin Twitter: https://x.com/HotcoinGlobal
Hotcoin Telegram: https://t.me/HotcoinEX
Hotcoin Chinese Twitter: https://x.com/hotcoinzh
Hotcoin Chinese Community: https://t.me/hotcoinglobalcn
Hotcoin YouTube: https://www.youtube.com/@hotcoinglobal