Lazarus Group Strikes Again: $3.2M Solana-to-Ethereum Crypto Heist Exposed

Published: 2025-06-29 13:00:00

North Korea's infamous Lazarus Group is back in the headlines—this time for a slick $3.2 million cross-chain crypto heist. Here's how they pulled it off.


The Solana-to-Ethereum Shuffle

Security sleuths traced the stolen funds hopping from Solana to Ethereum, a move as calculated as a Wall Street hedge fund's tax strategy. The group's signature mix of phishing and exploit-based attacks left little doubt about their involvement.


Why This One Hurts

While $3.2M is pocket change compared to some DeFi hacks, the cross-chain nature of the theft exposes a growing vulnerability. Bridges remain the crypto world's rickety rope ladders—convenient, but begging to be cut.


The Bottom Line

Another day, another Lazarus hit. The only surprise? They didn't launder it through a 'legitimate' crypto exchange first.

Lazarus Group, the notorious North Korea-affiliated group, has been linked to a crypto theft of $3.2 million. The prominent on-chain analyst ZachXBT has shared important insights into the matter.

The attack reportedly took place on May 16 and has raised considerable concern in the crypto community, as attacks by state-linked cybercriminals grow more sophisticated by the day. CoinRank highlighted the issue through its official X account.

📢BREAKING: Lazarus Group Suspected in $3.2M Crypto Theft

On-chain investigator @zachxbt reports that a user was allegedly hacked by North Korea-linked @Lazarus Group on May 16, losing approximately $3.2 million in digital assets.

The stolen funds were sold and bridged from… pic.twitter.com/k3YCmzzltl

— CoinRank (@CoinRank_io) June 29, 2025

Stolen Funds Moved from Solana to Ethereum Anonymously

According to ZachXBT's investigation, the stolen tokens were initially held on the Solana blockchain. They were then converted and bridged to Ethereum. The timeline of the operation includes a key red flag.

On June 25 and June 27, two separate deposits of 400 ETH each were made into Tornado Cash. These movements suggest a clear attempt to obfuscate the ownership and origin of the stolen funds. Routing the funds through Tornado Cash was meant to hide identity and evade detection and tracking.

The Tactics of the Lazarus Group Spotlighted by CoinRank

CoinRank's analysts observe that the pattern of the latest exploit closely resembles previous Lazarus operations. The exploit relies on cross-chain laundering, and the use of privacy tools such as Tornado Cash further supports that assessment. Protocols of this kind pose a continuous challenge to blockchain transparency.

DeFi Faces Growing Threats from Nation-State Actors

By showcasing this incident, CoinRank aims to highlight the growing number of exploits by nation-state actors across decentralized finance (DeFi). As the Lazarus Group's tactics evolve, the blockchain community is also responding in order to prevent further threats. Investigators urge users to be cautious when handling large assets across chains.
