On-chain researcher tanuki42 disclosed that the well-known market maker DWF Labs was allegedly hacked by the North Korean hacker group AppleJeus in September 2022, resulting in a loss of at least 44 million USD, primarily in stablecoins such as USDC and USDT. It is worth noting that DWF Labs has yet to publicly acknowledge this incident. On-chain detective ZachXBT replied: DWF is hiding a hacker attack worth 44 million USD? I'm not surprised.
Suspected DWF Labs wallet continues to withdraw to North Korean hacker address.
tanuki42 pointed out that at midnight on September 22, 2022, the blockchain address 0x3d6 began withdrawing funds continuously, while multiple withdrawals from exchanges flowed into the same address, indicating that the hacker had both the private key and the exchange account credentials. The withdrawals ran from 0:04 AM to 5:59 AM, nearly six hours, yet there seemed to be no effective prevention or fund protection measures; the next day, September 23, another withdrawal record appeared at 0:59 AM.
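The pattern described above (wallet outflows and exchange withdrawals converging on one address over several hours) is something a treasury team can alert on. The following is an added example, not part of the original article or any tool it mentions; the event format, allowlist, thresholds and all sample addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data):
# (timestamp, source kind, source id, destination, USD value)
EVENTS = [
    ("2022-09-22T00:04", "wallet",   "treasury-hot-1",  "0xDEST_PLACEHOLDER", 1_500_000),
    ("2022-09-22T00:40", "wallet",   "treasury-hot-1",  "0xKNOWN_CUSTODIAN",  3_000_000),
    ("2022-09-22T01:10", "exchange", "exchange-acct-A", "0xDEST_PLACEHOLDER",   900_000),
    ("2022-09-22T02:00", "wallet",   "treasury-hot-1",  "0xOTHER_DEST",       5_000_000),
    ("2022-09-22T03:30", "exchange", "exchange-acct-B", "0xDEST_PLACEHOLDER", 2_000_000),
    ("2022-09-22T05:59", "wallet",   "treasury-hot-1",  "0xDEST_PLACEHOLDER", 1_000_000),
]
ALLOWLIST = {"0xKNOWN_CUSTODIAN"}  # hypothetical pre-approved destinations


def correlated_drain_alerts(events, allowlist,
                            window=timedelta(hours=6), min_usd=1_000_000):
    """Flag destinations outside the allowlist that receive funds from BOTH
    a self-custody wallet and an exchange account within `window`.
    Two independent credential sets paying one new address is the signal."""
    by_dest = defaultdict(list)
    for ts, kind, src, dest, usd in events:
        if dest not in allowlist:
            by_dest[dest].append((datetime.fromisoformat(ts), kind, src, usd))

    alerts = []
    for dest, rows in by_dest.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward so the span never exceeds `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            kinds = {r[1] for r in span}
            total = sum(r[3] for r in span)
            if {"wallet", "exchange"} <= kinds and total >= min_usd:
                alerts.append({
                    "destination": dest,
                    "first_seen": span[0][0],
                    "alert_at": rows[end][0],  # earliest moment the rule fires
                    "total_usd": total,
                    "sources": sorted({r[2] for r in span}),
                })
                break  # one alert per destination is enough to page someone
    return alerts


if __name__ == "__main__":
    for alert in correlated_drain_alerts(EVENTS, ALLOWLIST):
        print(alert)
```

On the constructed data the rule fires at the first exchange withdrawal that joins the wallet outflow, roughly an hour into the window rather than at its end.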
The modus operandi is consistent with the North Korean hacker AppleJeus.
The stolen funds were subsequently transferred to the Bitcoin network through the cross-chain bridge Ren Protocol, with most of the funds remaining idle for a long time until recently, when part of the funds flowed into the Bitcoin mixer Mixero. On-chain analysis indicates that AppleJeus consistently utilizes cross-chain protocols such as Ren Protocol and GardenFi to transfer funds between Ethereum and Bitcoin, and this route is highly consistent with their past methods.
Subsequent analysis revealed that the funds involved in this incident were mixed with funds from multiple AppleJeus hacking cases, including Deribit, Tower Capital, and Radiant Capital, further strengthening their correlation.
Various signs indicate that the hacked address belongs to DWF Labs.
Before the funds were stolen, the involved address 0x3d67f… had made multiple payments to various project treasuries. One of the transactions was sent to the Yield Guild Games (YGG) treasury wallet, suspected to be an OTC purchase of YGG coins, after which the YGG coins were transferred to a publicly labeled wallet address of DWF Labs.
In addition, on September 15, 2022, the address also made a payment to the MagnifyCash (formerly known as NFTY Finance) vault. On the same day, DWF Labs announced a strategic partnership with NFTY, indicating that there is indeed an intersection of funds between the two. As of now, researchers have tracked multiple Bitcoin addresses related to this case, with a total amount exceeding 30 million USD, and the funds remain idle.
This article, "DWF Labs was allegedly hacked by North Korean hackers AppleJeus, resulting in a loss of 44 million. ZachXBT: Not surprising," first appeared in on-chain news ABMedia.