Lazarus' Latest Solana Hack: Here Are the Details
2025-06-30
Another day, another exploit. On May 16, 2025, the crypto world was shaken yet again after $3.2 million was drained from several Solana wallets. Investigators quickly noticed something familiar about the attack, and all signs point to the North Korea-linked hacking group Lazarus.
The stolen assets were converted into Ethereum through a cross-chain bridge, and soon after, a portion of the funds was funneled into Tornado Cash, a crypto mixer often used for laundering. The remaining assets are still sitting idle on the Ethereum blockchain, making analysts wonder whether the next move is being carefully planned.
Let’s unpack the details of what happened, how the attack was carried out, and what it signals for the future of crypto security.
Key Takeaways
1. Around $3.2 million was stolen from Solana wallets in May 2025, with ties to Lazarus Group.
2. The stolen tokens were bridged to Ethereum and partially laundered using Tornado Cash.
3. Over $1.2 million remains unspent, sitting in an Ethereum wallet, possibly awaiting further laundering.
A Closer Look at the May 2025 Solana Exploit
The hack began quietly, with sudden token outflows from multiple Solana wallets. It didn’t take long for blockchain sleuths to notice that something wasn’t right. Transfers from the wallet “C4WY…e525” raised red flags due to their large size and unusual patterns.
Shortly after, well-known crypto investigator ZachXBT publicly flagged the activity. By tracking the on-chain movements, he confirmed that the stolen assets were being moved through a bridge, most likely Wormhole or Portal, and swapped into Ethereum.
These types of cross-chain bridges have become common targets for exploiters because they allow hackers to shift stolen funds quickly across networks.
Once on Ethereum, the funds were broken up and redirected to new wallets. Then came two large Tornado Cash deposits, 400 ETH each on June 25 and June 27. In total, about $1.6 million was laundered through the mixer.
As of now, roughly $1.25 million worth of DAI and ETH remains in a wallet (“0xa5…d528”). This dormant stash has not yet been moved, suggesting the attackers may be waiting for regulatory pressure to die down or preparing for another laundering phase.
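The tracing described above (bridge exit, split into new wallets, mixer deposits, dormant remainder) can be approximated with proportional "haircut" taint propagation, where each outgoing transfer carries taint in proportion to the tainted share of the sender's balance. This is an added example, not code from the article or from any investigator it names; the addresses, amounts and the `mixer_pool` label are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample data: placeholder addresses and ETH amounts, not the
# real wallets or values from the incident.
SEEDS = {"bridge_out": 1200.0}          # funds known to be stolen
MIXERS = {"mixer_pool"}                 # assumed label for mixer contracts
TRANSFERS = [                           # (time, sender, receiver, amount)
    (1, "bridge_out", "hop_a", 1200.0),
    (2, "exchange_x", "hop_a", 400.0),  # unrelated clean funds mixed in
    (3, "hop_a", "hop_b", 800.0),       # split into a fresh wallet
    (4, "hop_b", "mixer_pool", 400.0),
    (5, "hop_b", "mixer_pool", 400.0),
]


def trace_taint(transfers, seeds, mixers):
    """Return (tainted amount sent to mixers, tainted amount at rest per address)."""
    balance = defaultdict(float)
    tainted = defaultdict(float)
    for addr, amount in seeds.items():
        balance[addr] += amount
        tainted[addr] += amount
    to_mixer = 0.0
    for _, src, dst, amount in sorted(transfers):
        # Senders with no tracked balance are treated as clean outside funds.
        moved = min(amount, balance[src])
        share = tainted[src] / balance[src] if balance[src] > 0 else 0.0
        taint_moved = share * moved
        balance[src] -= moved
        tainted[src] -= taint_moved
        if dst in mixers:
            to_mixer += taint_moved     # trail ends here for an observer
        else:
            balance[dst] += amount
            tainted[dst] += taint_moved
    at_rest = {a: t for a, t in tainted.items() if t > 0}
    return to_mixer, at_rest


if __name__ == "__main__":
    laundered, dormant = trace_taint(TRANSFERS, SEEDS, MIXERS)
    print(f"tainted ETH into mixers: {laundered}")
    print(f"tainted ETH still at rest: {dormant}")
```

Addresses that still hold a tainted balance at the end, like `hop_a` in this sample, are the ones an exchange or analyst would put on a watchlist.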
Who is the Lazarus Group and Why are They Doing This?
The Lazarus Group is one of the most infamous names in crypto hacking. Believed to be linked to North Korea’s military intelligence, the group has been around since 2017 and has stolen billions in digital assets over the years.
Their strategy is as efficient as it is alarming. Attacks often begin with phishing emails or compromised software, targeting key personnel in crypto firms or DeFi projects. Once inside, Lazarus moves fast. They exploit wallet flaws, breach smart contracts, and drain funds almost instantly.
After getting their hands on the assets, they:
1. Break funds into smaller chunks
2. Use bridges to move them across chains
3. Swap assets for stablecoins or ETH
4. Launder through Tornado Cash and other mixers
The goal is to erase the transaction trail and cash out with minimal traceability. Despite international sanctions, Lazarus continues to operate with sophisticated tools and near-military coordination.
What makes this case even more concerning is its timing. It follows major breaches like the Bybit incident in February 2025, where $1.5 billion was lost, and echoes similar tactics seen in the 2022 Horizon Bridge hack.
Tornado Cash is Still Central to Crypto Laundering
If there’s a common thread in many crypto hacks, it’s Tornado Cash. This privacy-focused mixer is often the final stop for stolen funds before they vanish into thin air.
Even though Tornado Cash was sanctioned by the U.S. in 2022, the platform remains functional thanks to decentralized hosting and its immutable smart contracts.
In early 2025, a U.S. appeals court controversially reversed the sanctions, citing free speech arguments. This legal shift has, in practice, made it easier for groups like Lazarus to keep using it.
Here’s why Tornado Cash is effective:
1. It pools transactions from many users, making tracking nearly impossible
2. It doesn’t require KYC or user verification
3. It operates on-chain, with no centralized entity to shut it down
So, when Lazarus sent 800 ETH through Tornado Cash, those assets likely became untraceable within minutes. This makes it incredibly hard for exchanges, law enforcement, and regulators to follow the money.
Some crypto analytics firms are working on better tracking tools, but mixers like Tornado Cash still present a major challenge for transparency and anti-money laundering efforts.
Conclusion
This Solana hack is just the latest entry in a long list of exploits that show how vulnerable the crypto space can be, especially when cross-chain tools are involved. With $3.2 million gone, a known threat actor on the move, and Tornado Cash still in play, it’s clear that crypto crime is not slowing down.
For users, this is another wake-up call to be cautious with wallet security, avoid risky links, and only use trusted apps and services. For platforms and developers, it means stepping up security audits, monitoring transactions more closely, and considering proactive defenses against bridge attacks and laundering.
If you’re managing crypto across multiple chains, having a secure and reliable trading partner is essential. Bitrue offers a smooth trading experience with solid protection, multi-chain support, and easy-to-use tools for all kinds of crypto users. Whether you’re trading tokens or watching your NFT wallet, Bitrue helps you stay safer in a volatile landscape.
FAQ
How was the Solana hack connected to the Lazarus Group?
Blockchain researchers linked the movement of stolen funds and laundering behavior to tactics previously used by Lazarus. Key patterns included cross-chain bridges and Tornado Cash deposits.
Why is Tornado Cash still being used if it was sanctioned?
Despite U.S. sanctions in 2022, Tornado Cash’s decentralized code and hosting keep it operational. In 2025, a court ruling overturned the ban, making it easier to access again.
What should I do to protect my crypto from similar hacks?
Always use secure wallets, avoid unknown links, and double-check app permissions. Consider platforms like Bitrue that prioritize user safety and transparency.
Disclaimer: The views expressed belong exclusively to the author and do not reflect the views of this platform. This platform and its affiliates disclaim any responsibility for the accuracy or suitability of the information provided. It is for informational purposes only and not intended as financial or investment advice.
