LazarusGroup

The North Korea-linked hacker group Lazarus is back in the spotlight. On May 16, 2025, over $3.2 million was drained from multiple wallets on the Solana blockchain. The stolen assets were quickly bridged to Ethereum and a portion was laundered through Tornado Cash.
According to blockchain analyst ZachXBT, who publicly reported the incident, the exploit bears all the hallmarks of Lazarus’ operations. The group has previously been linked to massive crypto thefts, including the $1.5 billion Bybit hack earlier in 2025.

💸 From Solana Wallets to Ethereum and into Tornado Cash
Attackers began by emptying several Solana-based wallets – such as the known address "C4WY…e525" – then bridged the funds to Ethereum. On June 25 and again on June 27, they sent 400 ETH per transaction into Tornado Cash, totaling $1.6 million, to obscure the trail.
Another $1.25 million in DAI and ETH remains idle in wallet "0xa5…d528", likely waiting for future laundering or left inactive to avoid detection.

🕵️‍♂️ Phishing, Bridges, Mixers: A Familiar Modus Operandi
Active since 2017, Lazarus has earned its reputation as the most prolific state-backed cybercrime group. Their playbook often begins with phishing or malware infiltration, followed by exploiting smart contract vulnerabilities or wallet flaws. Once funds are acquired, they are swiftly converted into liquid assets, split across multiple wallets, and laundered via decentralized exchanges and cross-chain bridges.
Tornado Cash is central to their laundering tactics. Despite facing U.S. sanctions in 2022, the decentralized protocol’s immutability and distributed hosting allowed it to survive. In January 2025, a U.S. appeals court reversed the sanctions, citing free speech protections, effectively reviving the tool's usage – including by Lazarus.

⚠️ Crypto Laundering Remains a Major Threat
While regulators and exchanges are increasingly flagging suspicious addresses, the speed and complexity of Lazarus operations continue to outpace enforcement. This latest heist demonstrates how mixers like Tornado Cash remain highly effective at obscuring the movement of stolen funds.
Experts warn that the remaining funds in "0xa5…d528" could soon be moved, possibly in another round of laundering unless intercepted.

#LazarusGroup , #CryptoSecurity , #solana , #TornadoCash , #CyberSecurity

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

Блокчейн-детектив ZachXBT 21 червня 2025 року на X звинуватив децентралізовану платформу Garden Finance у відмиванні коштів, пов’язаних із хакерською атакою на біржу Bybit, де було викрадено $1,4 млрд. За його даними, понад 80% комісійних доходів платформи ($300 000 за 12 днів) походять від незаконних транзакцій, нібито організованих китайськими відмивачами, пов’язаними з північнокорейською групою Lazarus.
Garden Finance, що позиціонує себе як «найшвидший біткойн-мост», обробила 24 984 $BTC ($1,5 млрд) через 40 571 атомарний своп. ZachXBT стверджує, що єдина організація постійно поповнювала ліквідність cbBTC із Coinbase, ставлячи під сумнів децентралізованість платформи. Співзасновник Garden Finance Джаз Гулаті відкинув звинувачення, заявивши, що 30 BTC комісій були зібрані до хака Bybit, і назвав претензії «дезінформацією».
Ця суперечка викликала резонанс у криптоспільноті, піднімаючи питання про вразливість DeFi-платформ до зловживань. Аналітики попереджають, що звинувачення можуть призвести до регуляторного тиску на Garden Finance.
Підписуйтесь на #MiningUpdates , щоб стежити за розвитком подій!
#zachxbt #GardenFinance #CryptoLaundering #BybitHack #LazarusGroup #defi #Blockchain

За даними Arkham Intelligence, організатор зламу Bybit на суму 1,5 мільярда доларів був ідентифікований, і винуватцем є не хто інший, як Lazarus Group, сумнозвісний північнокорейський синдикат кіберзлочинців.

🔎 Що ми знаємо на даний момент:
🔹 Lazarus Group має історію великих криптовалютних крадіжок, відмиваючи мільярди через складні блокчейн-транзакції.
🔹 Викрадені кошти переміщуються через кілька гаманців, що ускладнює повернення.
🔹 Влада та аналітики блокчейну зараз відстежують активи, щоб запобігти ліквідації.

⚠️ Що далі?
Ця атака посилює потребу в більш сильних заходах криптобезпеки та глобальній співпраці для боротьби з кіберзлочинністю. Чи Bybit поверне втрачені кошти, чи це ще одна загадка на мільярд доларів?

💬 Що ви думаєте про останнє пограбування криптовалюти? Залиште свої думки нижче! 👇

👉 Слідкуйте за новинами про криптовалюту в реальному часі! – Мухаммад Еджаз
#BybitHack #CryptoSecurity #LazarusGroup #CyberCrimeFighter #BlockchainForensics 🚨

Lazarus Group is one of the world’s most dangerous cyber hacking organizations, believed to be operating under the supervision of the North Korean government. It began its activities in the early 2000s and has since carried out high-profile attacks targeting financial institutions, technology companies, and cryptocurrency platforms. Its primary objectives are to fund the North Korean regime, evade international sanctions, and gather intelligence.
Origins and Development
Lazarus Group first appeared on the cyber scene in 2009, but it gained global attention in 2014 after the infamous attack on Sony Pictures. During that attack, the hackers infiltrated the company’s systems, stole sensitive data, and released threatening messages in response to the film “The Interview”, which mocked North Korean leader Kim Jong-un. Since then, the group has diversified its targets, including banks, governments, and cryptocurrency companies.

Group’s Objectives and Motives
1. Illicit Financing:
Due to the economic sanctions imposed on North Korea, the group steals money and cryptocurrencies to fund its nuclear and military programs.
2. Cyber Espionage:
The group gathers intelligence from governments and corporations to strengthen North Korea’s position in international negotiations.
3. Destabilization:
Some attacks are aimed at creating chaos in enemy countries or disrupting their economic systems.

Notorious Cyberattacks
1. Sony Pictures Hack (2014)
• The hackers infiltrated Sony’s systems, leaking unreleased films and sensitive emails.
• The attack caused significant financial losses and raised concerns about online freedom of expression.
2. WannaCry Ransomware Attack (2017)
• A global ransomware attack that infected over 230,000 devices in 150 countries.
• It crippled hospitals, companies, and banks, with hackers demanding ransom in Bitcoin to unlock encrypted files.
3. Bangladesh Central Bank Heist (2016)
• The group stole $81 million through illegal transfers from the Federal Reserve Bank of New York to accounts in the Philippines.
• The theft could have reached $1 billion if the breach had not been discovered at the last minute.
4. Ronin Network Hack (2022)
• The group breached the blockchain network of the game Axie Infinity, stealing over $620 million in Ethereum (ETH) and USDC.
• This was one of the largest cryptocurrency hacks in history.

Hacking Techniques and Tools

Lazarus Group employs advanced techniques and diverse methods, including:
1. Social Engineering: Tricking employees into clicking malicious links via emails or social media.
2. Ransomware: Encrypting data and demanding cryptocurrency payments to restore access.
3. Blockchain Breaches: Exploiting vulnerabilities in smart contracts and decentralized finance (DeFi) platforms.
4. Money Laundering: Using cryptocurrency mixers like Tornado Cash to hide the origin of stolen funds.

Organizational Structure

Little is known about the group’s internal structure due to its secrecy. However, it is believed to operate under North Korea’s Reconnaissance General Bureau (RGB), responsible for intelligence activities and special operations abroad. The group is likely supported by skilled programmers and hackers trained within the country.

Global Economic Impact

Lazarus Group’s attacks have resulted in billions of dollars in losses and disrupted financial markets worldwide. For example, ransomware attacks like WannaCry harmed healthcare providers and banks, while cryptocurrency thefts undermined investor confidence in blockchain technology.
International Response
1. United States: The U.S. Treasury Department has imposed sanctions on individuals and entities linked to Lazarus Group. The FBI has also classified the group as a top cyber threat.
2. United Nations: UN reports indicate that stolen funds are used to finance North Korea’s nuclear weapons program.
3. Cybersecurity Companies: Firms like Kaspersky, Symantec, and CrowdStrike are actively tracking the group’s activities and developing protection systems against its attacks.
How to Protect Yourself from Lazarus Group’s Attacks
• Enhance Cybersecurity: Use advanced firewalls and antivirus software.
• Employee Awareness: Train employees to recognize phishing emails and suspicious links.
• Enable Two-Factor Authentication (2FA): Especially for managing cryptocurrency wallets.
• Backup Important Data: Keep encrypted backups of critical data.
Conclusion
Lazarus Group is a clear example of how cybercrime can be used as a political and economic tool. With its advanced skills and diverse strategies, it has become a major player in the world of cybercrime. As the world increasingly relies on digital assets, the group is expected to continue its attacks, making cybersecurity a top priority for individuals and organizations alike.
$AXS $ETH $BTC
#BybitSecurityBreach #LazarusGroup #SouthKorea #ETH #BTC☀

🙄Hack A group of DPRK #hackers #LazarusGroup hacked a cold wallet on the exchange for 400k $ETH ($1.5 billion dollars)
Now they have more ether than Vitaliy Buterin, the creator of the token himself
😀The channels are already screaming that North Korea has announced a strategic reserve of ether😂

#BybitHack #BybitWalletHack