The North Korea-linked hacker group Lazarus is back in the spotlight. On May 16, 2025, over $3.2 million was drained from multiple wallets on the Solana blockchain. The stolen assets were quickly bridged to Ethereum and a portion was laundered through Tornado Cash.

According to blockchain analyst ZachXBT, who publicly reported the incident, the exploit bears all the hallmarks of Lazarus’ operations. The group has previously been linked to massive crypto thefts, including the $1.5 billion Bybit hack earlier in 2025.

💸 From Solana Wallets to Ethereum and into Tornado Cash

Attackers began by emptying several Solana-based wallets – such as the known address "C4WY…e525" – then bridged the funds to Ethereum. On June 25 and again on June 27, they sent 400 ETH per transaction into Tornado Cash, totaling $1.6 million, to obscure the trail.

Another $1.25 million in DAI and ETH remains idle in wallet "0xa5…d528", likely waiting for future laundering or left inactive to avoid detection.

🕵️‍♂️ Phishing, Bridges, Mixers: A Familiar Modus Operandi

Active since 2017, Lazarus has earned its reputation as the most prolific state-backed cybercrime group. Their playbook often begins with phishing or malware infiltration, followed by exploiting smart contract vulnerabilities or wallet flaws. Once funds are acquired, they are swiftly converted into liquid assets, split across multiple wallets, and laundered via decentralized exchanges and cross-chain bridges.

Tornado Cash is central to their laundering tactics. Although the U.S. sanctioned it in 2022, the decentralized protocol survived thanks to its immutability and distributed hosting. In January 2025, a U.S. appeals court reversed the sanctions, citing free speech protections, effectively reviving the tool's usage – including by Lazarus.

⚠️ Crypto Laundering Remains a Major Threat

While regulators and exchanges are increasingly flagging suspicious addresses, the speed and complexity of Lazarus operations continue to outpace enforcement. This latest heist demonstrates how mixers like Tornado Cash remain highly effective at obscuring the movement of stolen funds.

Experts warn that the remaining funds in "0xa5…d528" could soon be moved, possibly in another round of laundering, unless they are intercepted.


