DWF Labs, a market-making firm active in crypto markets, has been linked to an alleged loss of $44 million in a hack that took place in September 2022.
According to on-chain investigators, the incident was not publicly disclosed by the firm at the time and only came to light after a detailed blockchain review.
DWF Labs: Alleged Attack And Method
Reports have disclosed that the attacker drained a wallet tied to DWF Labs and moved the funds through several on-chain steps.
The stolen holdings were mostly stablecoins — USDC and USDT — and were then converted into Bitcoin through the Ren bridge before being routed into a mixer called Mixero.
The pattern of transfers and the tools used are what led some analysts to suggest a link to the DPRK-associated AppleJeus group.
2/8 On 22nd September 2022, the address 0x3d67fdE4B4F5077f79D3bb8Aaa903BF5e7642751 started being drained. At the same time, withdrawals were made from many exchanges to the same address showing that both private keys and exchange account credentials were likely compromised. pic.twitter.com/7T7ek18SR4
— tanuki42 (@tanuki42_) November 4, 2025
On-Chain Evidence And Reactions
Based on reports, the investigation was driven by an analyst known as tanuki42 who flagged the wallet address and traced payments made to and from it before and after the alleged breach.
Other sleuths on X, including well-known chain trackers, began to comment and share findings. Some posts pointed to roughly $30 million in Bitcoin-valued pots that have not been touched since the transfers, raising questions about what the attacker intends to do next.
DWF Labs has not posted a public incident report or a formal acknowledgement of the claims.
What The Movement Looks Like
Money moved into centralized exchanges at certain points, which suggests private keys or exchange accounts may have been compromised during the event.
After conversion, the flow into a mixer makes it harder to follow the exact trail, but on-chain records show the sequence and timestamps that tie these steps to the September dates.
The way funds were handled is similar to other cases tied to state-linked threat actors, according to the analysts studying the chain.
Potential Impact And Next Steps
If the allegation is confirmed by an independent audit or by the firm itself, the fallout could affect counterparties and projects that relied on DWF Labs for liquidity.
Some forensic firms and trackers are poring over the dormant pots of Bitcoin that amount to about $30 million in current value, while exchanges and law-enforcement partners may be asked to help trace or freeze moves if they occur.
Investor confidence is part of the discussion now, because public trust depends on clear disclosure and rapid response once a breach is found.
Featured image from Unsplash, chart from TradingView
