The theft of more than 3.2 million USD from several Solana wallets on May 16, 2025, quickly drew the attention of cryptocurrency investigators because the on-chain activity showed signs consistent with the Lazarus Group, a hacking organization attributed to North Korea. The stolen assets were rapidly moved to Ethereum through cross-chain bridges, and part of the proceeds were then laundered through Tornado Cash. This article analyzes how the Lazarus Group operated in this attack, how the funds were converted and laundered across blockchains, and, drawing on expert analysis and practical experience, what users can do to understand and reduce these risks in the cryptocurrency world.
Analyzing the attack that drained over 3 million USD from Solana wallets
On May 16, 2025, several Solana wallet addresses were compromised and the tokens they held were drained immediately. These assets were bridged to the Ethereum network, where a large portion was forwarded to Tornado Cash to obscure the trail. Blockchain researchers noted that this was not a simple attack; it bore the hallmarks of the Lazarus Group, a hacking group closely linked to North Korea.
Rapid detection of large outflows from the Solana wallet address 'C4WY…e525' allowed the cryptocurrency community and cybersecurity analysts to raise the alarm promptly and begin tracking the stolen funds. The transactions were not only technically complex but also involved large-scale cross-chain conversions.
How the Lazarus Group operates in the Solana withdrawal case
The Lazarus Group typically gains control of victims' assets by exploiting vulnerabilities in smart contracts or by compromising hot wallets. Once it holds the stolen cryptocurrency, it uses cross-chain bridges to move the assets from Solana to Ethereum, where ETH's deep liquidity makes it easy to swap into other coins or cash out.
Next, a large portion of the ETH is sent to Tornado Cash, a coin mixer that breaks the on-chain link between deposits and withdrawals and makes the funds hard to trace. The 400 ETH deposits into Tornado Cash on June 25 and 27, amounting to nearly 1.6 million USD, show how methodical and professional the group's laundering is.
Lazarus Group – one of the most dangerous cryptocurrency hacking groups
Since 2017, the Lazarus Group has been regarded as the most prominent state-sponsored cryptocurrency hacking organization, responsible for large-scale thefts totalling billions of USD. Its known tactics include phishing, malware-based intrusions, and exploitation of vulnerabilities in smart contracts and wallet software.
With deep blockchain expertise, Lazarus does not just carry out individual attacks; it runs complex, multi-chain laundering pipelines that are difficult to detect. Tornado Cash has been one of its main laundering tools, even after the U.S. Treasury's OFAC sanctioned the service in August 2022.
Money laundering tactics through Tornado Cash and decentralized services
Even under sanctions, Tornado Cash kept operating: its core smart contracts are immutable and decentralized, so there was no operator for authorities to shut down, and the sanctions could only make interacting with the contracts unlawful for U.S. persons. Following a U.S. appeals court ruling in November 2024 that the immutable Tornado Cash contracts could not be sanctioned as property, OFAC removed Tornado Cash from its sanctions list in March 2025, so the service remains available for Lazarus to conceal the origins of stolen assets.
The Lazarus Group also uses decentralized exchanges (DEXs) and cross-chain bridges to split and convert the assets, scattering the trail across chains and tokens so that law enforcement agencies must follow many small flows instead of one.
The situation and prospects against the Lazarus Group in the cryptocurrency field
Regulators, exchanges, and research organizations are now collaborating to tag wallet addresses linked to Lazarus so that transactions with them can be blocked and monitored. However, the group moves funds quickly, uses a range of laundering tools, and keeps changing its tactics, so it remains a major challenge for cryptocurrency security worldwide.
Raising users' security awareness, improving on-chain tracing technology, and building effective anti-money-laundering controls are urgent needs if assets are to be protected and the blockchain ecosystem is to remain trustworthy and sustainable.
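The address tagging described above only works if the tags are applied consistently and followed forward through intermediate wallets and bridge hops. The script below is an added example written for this article, not code from the original page or from any tracing vendor. Every address, amount and transfer in it is constructed for illustration and is not from the May 2025 incident. It assumes that a bridge hop can be represented as one edge from the deposit address on Solana to the recipient on Ethereum (in practice that link comes from the bridge's own message or attestation), and it stops propagating taint at a tagged mixer contract, since a shared pool would otherwise taint every unrelated withdrawer.

```python
"""Address tagging and taint propagation across a bridge hop (constructed example)."""
from collections import defaultdict, deque
from dataclasses import dataclass

BASE58 = set("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz")


@dataclass(frozen=True)
class Transfer:
    src_chain: str
    src: str
    dst_chain: str
    dst: str
    amount: float  # native units of the destination chain (SOL or ETH)


def normalize(chain: str, addr: str) -> str:
    """Canonical form for comparison against a tag list.

    EVM addresses are case-insensitive (EIP-55 mixed case is only a checksum), so
    tag lists must be compared lowercased or a re-cased copy of a tagged address
    slips past an exact-match filter. Solana base58 addresses are case-sensitive.
    """
    addr = addr.strip()
    if chain == "ethereum":
        if len(addr) != 42 or not addr.startswith("0x"):
            raise ValueError(f"malformed EVM address: {addr!r}")
        int(addr[2:], 16)  # raises on non-hex characters
        return addr.lower()
    if chain == "solana":
        if not (32 <= len(addr) <= 44) or not set(addr) <= BASE58:
            raise ValueError(f"malformed Solana address: {addr!r}")
        return addr
    raise ValueError(f"unsupported chain: {chain!r}")


def node(chain: str, addr: str) -> tuple:
    return (chain, normalize(chain, addr))


def propagate_taint(seeds, transfers, stop_at=(), max_hops=3):
    """Breadth-first walk from seed (attacker-attributed) addresses.

    Every address that receives funds from a tainted address within max_hops
    becomes tainted; returns {(chain, address): hop_distance}. Nodes in stop_at
    (e.g. mixer pools) are never tainted, so taint does not leak to their users.
    A bridge transfer is one edge from the origin-chain deposit address to the
    target-chain recipient (assumption: supplied by the bridge's message data).
    """
    stop = {node(c, a) for c, a in stop_at}
    outgoing = defaultdict(list)
    for t in transfers:
        outgoing[node(t.src_chain, t.src)].append(t)
    distance = {node(c, a): 0 for c, a in seeds}
    queue = deque(distance)
    while queue:
        cur = queue.popleft()
        if distance[cur] >= max_hops:
            continue
        for t in outgoing[cur]:
            nxt = node(t.dst_chain, t.dst)
            if nxt not in distance and nxt not in stop:
                distance[nxt] = distance[cur] + 1
                queue.append(nxt)
    return distance


def mixer_alerts(transfers, tainted, mixers, min_amount):
    """Flag deposits into tagged mixer contracts that originate from tainted addresses."""
    mixer_nodes = {node(c, a) for c, a in mixers}
    alerts = []
    for t in transfers:
        src, dst = node(t.src_chain, t.src), node(t.dst_chain, t.dst)
        if dst in mixer_nodes and src in tainted and t.amount >= min_amount:
            alerts.append({"from": src[1], "amount": t.amount, "hops": tainted[src]})
    return alerts


# Constructed sample data: none of these are real addresses or transactions.
DRAINER = "Drainer" + "1" * 36      # attacker wallet on Solana (seed)
BRIDGE_IN = "Bridge" + "2" * 36     # bridge deposit address on Solana
ETH_RECV = "0x" + "b2" * 20         # bridge recipient on Ethereum
ETH_HOP = "0x" + "d4" * 20          # intermediate wallet
MIXER = "0x" + "c3" * 20            # tagged mixer pool contract
UNRELATED = "0x" + "e5" * 20        # innocent depositor into the same pool
FAR = "0x" + "f6" * 20              # four hops from the seed

SEEDS = [("solana", DRAINER)]
MIXERS = [("ethereum", MIXER)]
TRANSFERS = [
    Transfer("solana", DRAINER, "solana", BRIDGE_IN, 15000.0),
    Transfer("solana", BRIDGE_IN, "ethereum", ETH_RECV, 500.0),        # bridge hop
    Transfer("ethereum", ETH_RECV, "ethereum", ETH_HOP, 100.0),
    Transfer("ethereum", "0x" + "B2" * 20, "ethereum", MIXER, 400.0),  # re-cased copy of ETH_RECV
    Transfer("ethereum", ETH_HOP, "ethereum", MIXER, 100.0),
    Transfer("ethereum", UNRELATED, "ethereum", MIXER, 50.0),
    Transfer("ethereum", ETH_HOP, "ethereum", FAR, 0.5),
]


def run_demo(max_hops=3, min_amount=1.0):
    tainted = propagate_taint(SEEDS, TRANSFERS, stop_at=MIXERS, max_hops=max_hops)
    return tainted, mixer_alerts(TRANSFERS, tainted, MIXERS, min_amount)


if __name__ == "__main__":
    tainted, alerts = run_demo()
    for (chain, addr), hops in sorted(tainted.items(), key=lambda kv: kv[1]):
        print(f"tainted at hop {hops}: {chain}:{addr}")
    for a in alerts:
        print(f"ALERT: {a['amount']} ETH into mixer from {a['from']} ({a['hops']} hops from seed)")
```

Two design choices matter here. Lowercasing EVM addresses before comparison is what stops a mixed-case copy of a tagged address from bypassing a filter, while Solana addresses must be matched exactly. Capping the hop count is what keeps a few peel-chain transfers from tainting half the network; the right cap depends on how the attacker layers funds, and the `max_hops` parameter lets an analyst widen or narrow it.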
Source: https://tintucbitcoin.com/lazarus-group-danh-cap-32-trieu-usd-solana/