Lazarus Exploits Solana After Bybit’s Record Theft
On February 21, 2025, Bybit fell victim to a major cyberattack that resulted in the theft of over $1.4 billion in digital assets, including liquid Ether (stETH), Mantle Staked ETH (mETH), and other tokens. The hackers compromised Bybit’s cold wallet by deploying a fake smart contract, which successfully bypassed the platform’s multi-signature security system.
Following the breach, Arkham Intelligence conducted an investigation that pointed to the Lazarus group, a North Korean cybercriminal organization known for its involvement in large-scale cryptocurrency heists. The situation escalated on February 22, when ZachXBT uncovered a transfer of $1.08 million to the Solana blockchain, originating from a wallet address linked to the Pump.fun platform. This discovery confirmed a direct connection between the Lazarus group and fraudulent activities on Solana.
ZachXBT’s Findings: Memecoin Scams and More
On February 23, 2025, ZachXBT shared his findings in a Telegram message, revealing that he had identified over 920 addresses involved in laundering funds from the Bybit hack. Even more concerning, one of the individuals laundering these funds had previously orchestrated fraudulent memecoin launches through the Pump.fun platform.
According to ZachXBT, “I have made public over 920 addresses receiving funds related to the Bybit hack and noticed that a person laundering for the Lazarus group had previously launched meme coins via Pump Fun.”
Implications for the Entire Crypto Ecosystem
The Lazarus group’s involvement in both the Bybit hack and Solana memecoin scams poses significant risks for the broader cryptocurrency market. This revelation adds to a growing list of incidents where malicious actors are using decentralized platforms to carry out fraudulent activities, which undermines the integrity of the ecosystem.
Solana’s Struggles: A Vulnerable Ecosystem
These revelations come at a particularly challenging time for the Solana blockchain. Recently, the collapse of the Libra token, supported by Argentine President Javier Milei, caused a major shake-up within the network. Alleged insider trading led to over $107 million being diverted, resulting in a 94% drop in the token’s price and wiping out $4 billion in market capitalization.
The collapse of Libra has had a ripple effect on the Solana ecosystem, with the MEME index showing a negative rate of -5.9%. Network activity has also plummeted, with the number of active addresses dropping by 40%, from 15.6 million in November 2024 to just 9.5 million in February 2025.
Increased Threats and International Warnings
The Lazarus group’s actions have been devastating for the crypto ecosystem. In 2024 alone, the group stole $1.34 billion in digital assets, marking a 102% increase compared to 2023. This spike in activity has prompted governments, including the U.S., Japan, and South Korea, to issue joint warnings about the international scope of this threat and its potential impact on the global cryptocurrency market.
Conclusion: A Growing Threat to Crypto Security
The Lazarus group’s continued involvement in large-scale cybercrimes highlights the increasing risks facing the cryptocurrency ecosystem. From the Bybit hack to the memecoin scams on Solana, it’s clear that cybercriminals are exploiting vulnerabilities in decentralized platforms. As the group’s activity continues to grow, the crypto community must remain vigilant and take steps to bolster security measures in order to mitigate these threats.
Ecosystem
Research
News Network
About