lazarusholic

It's likely that the market maker DWFLabs was compromised in September 2022

2025-11-04, tanuki42
https://archive.md/62l9J
#AppleJeus #DWFLabs

Contents

1/8 It's likely that the market maker @DWF Labs was compromised in September 2022 by a DPRK-affiliated threat actor called AppleJeus, resulting in a theft of at least $44M+ composed predominantly of USDC and USDT.

As of November 2025, DWF has not publicly confirmed any incident.

2/8 On 22nd September 2022, the address 0x3d67fdE4B4F5077f79D3bb8Aaa903BF5e7642751 started being drained. At the same time, withdrawals were made from many exchanges to the same address, showing that both private keys and exchange account credentials were likely compromised.

3/8 Despite the draining of funds lasting many hours (0:04:59AM - 5:59:11AM), seemingly no successful attempt was made to stop the drain or save funds. There was even one further draining transaction the following day, 23rd Sep at 0:59:35AM.

4/8 The funds were quickly laundered through the @Ren bridge to Bitcoin where they predominantly lay dormant for a long time. More recently, funds associated with this incident …