Deribit $28 Million Hot Wallet Hack Analysis
2022-11-08 • Quill Audits
https://quillaudits.medium.com/deribit-28-million-hot-wallet-hack-analysis-quillaudits-1ae00c6b946d
QuillAudits analyzed Deribit’s November 2022 hot-wallet compromise, in which attackers drained about $28 million from BTC, ETH, and USDC hot wallets. Deribit paused withdrawals, said client assets and cold-storage addresses were unaffected, and covered the loss from company reserves. The source lists Deribit and attacker wallet addresses and notes that the public cause had not been confirmed, while describing possible hot-wallet compromise paths such as online malware, seed-phrase leakage, social engineering, or keyloggers. This source does not attribute the incident to Lazarus or another DPRK actor; it is best treated as cryptocurrency-exchange incident context unless supported by separate attribution evidence.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | blockchair.com | 2022-11-08 | 2023-04-05 |
| URL | https://insights.deribit.com/ex… | 2022-11-08 | 2022-11-08 |
| DOMAIN | insights.deribit.com | 2022-11-08 | 2022-11-08 |