Researcher Reveals Hidden $44 Million Hack of DWF Labs
In September 2022, the market maker DWF Labs was likely targeted in a cyberattack resulting in a loss exceeding $44 million, primarily in USDC and USDT stablecoins. The incident has not been publicly acknowledged by the company, according to on-chain analyst tanuki42.
Details of the September 2022 Breach
The breach is believed to be connected to a hacker group affiliated with North Korea, known as AppleJeus. The intrusion began on September 22, 2022, with the unauthorized emptying of one of DWF Labs' addresses.
Following the initial theft, funds started flowing into a single wallet from centralized exchanges, indicating that private keys and account credentials were compromised. The attack spanned over five hours, during which no measures were apparently taken to stop the outflow of assets.
Subsequent Theft and Laundering
On September 23, the attackers reportedly repeated the draining operation. The stolen tokens were swiftly converted into Bitcoin using the Ren Protocol bridge.
After lying inactive for months, the stolen Bitcoin began moving through the crypto mixer Mixero, suggesting efforts to obscure the trail of the theft.
“It’s likely that the market maker @DWFLabs was compromised in September 2022 by a DPRK-affiliated threat actor called AppleJeus, resulting in a theft of at least $44M+ composed predominantly of USDC and USDT. As of November 2025, DWF has not publicly confirmed any incident.” — tanuki42, November 4, 2025
Summary
- The hack started on September 22, 2022, targeting DWF Labs.
- Over $44 million in USDC and USDT were stolen.
- Funds were converted into Bitcoin via Ren Protocol.
- Bitcoin was later moved into mixer Mixero for laundering.
The sophistication and laundering methods imply North Korean group AppleJeus was likely behind the breach.
Author’s Summary
This undisclosed $44 million breach of DWF Labs in 2022 reveals sophisticated North Korean-linked hacking and laundering tactics, with no official company confirmation as of 2025.