Lazarus Group Launders $3.2 Million in Solana Theft via Ethereum

Generated by AI AgentCoin World
Sunday, Jun 29, 2025 4:16 pm ET1min read
BTC
--
ETH
--
SOL
--

The Lazarus Group, a notorious cybercriminal organization linked to North Korea, has been identified as the perpetrator behind a $3.2 million cryptocurrency theft. The incident, which occurred on May 16, involved the theft of

Solana
assets. The stolen funds were quickly transferred to the
Ethereum
network, where they were laundered through Tornado Cash, a privacy tool known for its ability to obscure the origin and ownership of cryptocurrency transactions.

On-chain analyst ZachXBT, renowned for tracking blockchain crime, provided detailed insights into the hack. ZachXBT's investigation revealed that on June 25 and June 27, the hackers deposited 400 ETH each into Tornado Cash. This move was part of a broader strategy to conceal the stolen funds and make them difficult to trace. The use of Tornado Cash is a common tactic employed by the Lazarus Group to launder stolen cryptocurrency, making it challenging for investigators to follow the money trail.

The Lazarus Group has a history of targeting cryptocurrency platforms and has been linked to several high-profile hacks. Earlier this year, ZachXBT uncovered evidence connecting the group to the $1 billion Bybit hack. In that incident, the stolen tokens were exchanged for

Ether
, a pattern similar to the recent Solana hack. The group's preference for Ether and
Bitcoin
is due to the lack of a central authority that can freeze transactions, making these cryptocurrencies attractive for money laundering.

Unlike centralized exchanges (CEXs), which have strict compliance regulations and can freeze suspicious wallets, the Lazarus Group prefers decentralized exchanges (DEXs) for laundering stolen funds. DEXs do not require identity verification, making it easier for hackers to move funds without detection. This strategy complicates investigations and allows the group to evade asset freezes and other regulatory measures.

The recent hack has raised concerns within the Ethereum and Solana ecosystems about the robustness of existing security systems. The use of Tornado Cash and DEXs highlights the need for more advanced security measures and compliance tools to combat state-sponsored cybercriminal activities. The incident serves as a reminder that the cryptocurrency community must remain vigilant and adapt to the evolving tactics of sophisticated hackers.

The victim of the recent hack has not been identified, but the process of stealing and laundering funds follows a familiar pattern: stealing tokens, exchanging them for Ether, and using Tornado Cash and DEXs to launder the money. This incident underscores the ongoing threat posed by the Lazarus Group and the need for enhanced security measures to protect digital assets from state-sponsored attacks.