Lykke Exchange Suffers $22 Million Security Breach: How Attackers Exploited Wallet Infrastructure on June 4

The cryptocurrency security landscape faced another significant challenge on June 4, 2024, when UK-based exchange Lykke disclosed a major security breach resulting in the theft of over $22 million in digital assets. The incident, which saw attackers drain 158 Bitcoin (BTC) and 2,161 Ethereum (ETH) from the exchange’s hot wallet, underscores the persistent vulnerabilities plaguing centralized cryptocurrency platforms even as the industry matures.

The Exploit Mechanics

According to the exchange’s official disclosure, the attack occurred on June 4, targeting Lykke’s wallet infrastructure directly. The attacker executed unauthorized withdrawals totaling approximately $22 million at prevailing market prices, with Bitcoin trading near $70,500 and Ethereum around $3,800 at the time of the breach. The stolen funds were moved to two specific wallet addresses: a Bitcoin address receiving 158 BTC and an Ethereum address receiving 2,161 ETH.

The breach was not immediately disclosed by Lykke itself. Instead, web3 security researcher operating under the pseudonym @somaxbt publicly revealed the incident on June 9, five days after the initial attack. The researcher noted that the exchange appeared to be attempting to conceal the security breach, stating that the Lykke team was “still trying to hide this fact” despite the significant losses incurred.

Only after the public disclosure did Lykke formally acknowledge the attack on June 10, confirming that both Lykke UK and Lykke Corp AG had suffered the infrastructure breach. The exchange stated that affected systems were “immediately shut down to limit damage” and that security breaches had been “thoroughly examined and fully addressed.”

Affected Systems

The attack specifically targeted Lykke’s hot wallet infrastructure, the component of an exchange’s system that maintains internet connectivity to facilitate real-time trading and withdrawals. Hot wallets, while essential for operational liquidity, represent the most vulnerable point in any exchange’s security architecture because they are inherently connected to the internet.

Following the breach, Lykke halted all withdrawals and deposits as a “preventive measure,” with the platform remaining “inactive until further notice” according to a notice posted on its website. The internal investigation reportedly identified the IP addresses of the attacker, though the exchange did not specify the exact technical vector used to compromise the wallet systems.

Lykke, founded by Richard Olsen, had marketed itself as a zero-fee cryptocurrency exchange, positioning its low-cost trading model as a competitive advantage. The breach raises questions about whether cost-cutting measures in exchange operations may have compromised security investments.

The Mitigation Strategy

In its public statement, Lykke emphasized its “solid capital reserves and a diverse portfolio” while assuring customers that “clients’ funds are safe and will be recovered.” The exchange pledged to work toward full reimbursement of affected users through its financial reserves.

However, the track record of exchange recovery promises in the cryptocurrency industry is mixed. While some platforms like DMM Bitcoin, which suffered a $300 million hack just days earlier on May 31, have committed to full reimbursement through capital raising efforts including a planned $320 million fundraising round, others have failed to deliver on similar promises.

Industry best practices for centralized exchange security include implementing multi-signature wallet architectures, maintaining the vast majority of funds in cold storage with only minimal liquidity in hot wallets, deploying real-time transaction monitoring systems, conducting regular penetration testing, and establishing insurance funds to cover potential losses. The scale of the Lykke breach suggests that one or more of these safeguards may have been inadequate.

Lessons Learned

The Lykke hack represents the second-largest crypto theft in Q2 2024, contributing to quarterly losses totaling $430 million across all crypto hacks and scams — more than double the $204 million lost in Q2 2023. June 2024 alone saw $48.7 million in losses with zero funds recovered.

Key takeaways from this incident include the critical importance of timely breach disclosure. The five-day delay between the attack and public acknowledgment erodes user trust and prevents other platforms from taking defensive measures. Additionally, the incident highlights that even smaller exchanges handling tens of millions in assets remain attractive targets for sophisticated attackers.

For users, the breach reinforces the fundamental principle that funds held on centralized exchanges remain subject to counterparty risk. Hardware wallets, multi-signature arrangements, and self-custody solutions continue to provide the strongest protection against exchange-level security failures.

User Action Required

Any individuals with funds on the Lykke platform should monitor official communications for updates on withdrawal restoration and reimbursement plans. Users across all centralized exchanges should review their custody arrangements, consider moving long-term holdings to cold storage, enable all available security features including two-factor authentication, and diversify across multiple platforms to limit exposure to any single point of failure. The Lykke breach serves as a timely reminder that in cryptocurrency, security is not a feature but a continuous practice.

Disclaimer: This article is for informational purposes only and does not constitute financial advice. Always conduct your own research before making investment decisions.