Market maker DWF Labs allegedly lost more than $44 million in a 2022 cyberattack by the North Korean-linked AppleJeus group.
The revelations come amid a wave of state-sponsored attacks targeting the cryptocurrency industry, with North Korean hackers attacking multiple platforms in recent years. This highlights that the sector remains vulnerable to advanced cybersecurity threats.
Suspicions of a link between DWF Labs and a 2022 cyberattack emerge
In a recent post on X (formerly Twitter), on-chain researchers highlighted a breach that allegedly dates back to September 2022. The report revealed that the malicious actor targeted the address 0x3d67fdE4B4F5077f79D3bb8Aaa903BF5e7642751 and primarily stole USDC and USDT stablecoins.
“The compromised address (0x3d67f…) may be linked to DWF Labs through payments made prior to the incident,” the analyst said.
Prior to the breach, the same wallet was making transactions to Yield Guild Games’ treasury wallet, apparently for the purpose of selling OTC tokens. The acquired YGG tokens were later sent to a public address associated with DWF Labs.
Another transaction to MagnifyCash (formerly NFTY Finance) coincided with the announcement of a strategic partnership with DWF Labs’ project on September 15, 2022.
According to analysts, the hackers started exfiltrating funds from address 0x3d67fd on September 22, 2022. They allegedly compromised both the private key and credential exchange.
“Despite the outflow continuing for many hours (12:04:59 a.m. to 5:59:11 a.m.), attempts to stop the outflow or save funds appear to have been unsuccessful. There was one further outflow transaction the following day, at 12:59:35 a.m. on September 23,” the analyst noted.
On-chain data showed that hackers moved stolen assets to Bitcoin (BTC) via the Ren protocol bridge. This laundering route is preferred by AppleJeus. After that, BTC remained mostly dormant.
However, funds were recently transferred through Mixero, a custodial Bitcoin mixer. Additionally, analysts noted that the stolen funds were later combined with proceeds from other high-profile breaches, including those affecting Deribit and Tower Capital.
“There are still some unspent BTC (currently worth over $30 million) related to this incident,” the post added.
Despite allegations from independent analysts and on-chain evidence, DWF Labs has not released any public statements regarding the alleged hacking.
“DWF hiding a $44 million hack? I can’t say I’m surprised,” commented cryptocurrency detective ZachXBT.
The growing threat of state-sponsored cryptocurrency attacks
Meanwhile, the broader cryptocurrency industry continues to face escalating threats from state-sponsored actors. BeInCrypto previously reported that hackers linked to North Korea stole an estimated $2.83 billion in digital assets between 2024 and September 2025.
In fact, the country’s Lazarus Group was behind the industry’s biggest breach, the Bybit hack. In addition to targeting infrastructure, these attackers are also attempting to infiltrate Web3 companies by using fake identities to apply for jobs.
Recently, they have stepped up their distribution of malware through fake job offers. As North Korea-linked groups continue to hone their tactics, crypto platforms are facing growing pressure to strengthen security and transparency across all their operations.
The post DWF Labs allegedly lost $44 million in North Korea’s AppleJeus-related hack appeared first on BeInCrypto.


