Lazarus Group

avoid.net/lazarus-group→10/100·95% conf.

[AI-DRAFTED · AWAITING VERIFICATION][src:zachxbt]

10/100

[CRITICAL]95% conf.

Summary

According to independent investigator ZachXBT, Lazarus Group has been flagged for alleged suspicious activity.

Have evidence about Lazarus Group?

No evidence submitted yet — be the first.

On-chain audit

Editorial decisions, corrections, and updates are anchored on Solana.

audit log →version history →

Lazarus Group

A victim had multiple addresses drained on Solana for $3.2M on May 16, 2025 in a suspected Lazarus Group attack. The assets were market sold and the stolen funds were bridged from Solana to Ethereum. On June 25, 2025 400 ETH was deposited to Tornado Cash. On June 27, 2025 400 ETH was deposited to Tornado Cash. $1.25M still sits as DAI & ETH at [0xa5f7499804f941335ab72f232cf15c59aaa3d528](https://etherscan.io/address/0xa5f7499804f941335ab72f232cf15c59aaa3d528) Theft addresss [C4WY18k5mecJ6Vu6imUqSCSvCcAyqcL5nPPrNZGve525](https://solscan.io/account/C4WY18k5mecJ6Vu6imUqSCSvCcAyqcL5nPPrNZGve525)

Sources

[1]MEDLazarus Groupsocial media

Lazarus Group

Lazarus Group transferred 5K ETH from the Bybit Hack to a new address and began laundering funds via eXch (a centralized mixer) and bridging funds to Bitcoin via Chainflip. 5K ETH transfer on Feb 22, 2025 6:28:23 AM [0xbf80907830e46317da2c1708a13a9f016e242f8a6db6e6b0706ea5f2328cb001](https://etherscan.io/tx/0xbf80907830e46317da2c1708a13a9f016e242f8a6db6e6b0706ea5f2328cb001) Bitcoin destination address via Chainflip [bc1qlu4a33zjspefa3tnq566xszcr0fvwz05ewhqfq](https://blockchair.com/bitcoin/address/bc1qlu4a33zjspefa3tnq566xszcr0fvwz05ewhqfq)

Sources

[1]MEDLazarus Groupsocial media

Lazarus Group

An unknown victim is suspected of being hacked by Lazarus Group on Tron for ~$3.1M on Feb 28, 2025. Theft addresses [TYQ3455gFNeqyw3sqdcWuiARq4UTMqk4D4](https://tronscan.org/#/address/TYQ3455gFNeqyw3sqdcWuiARq4UTMqk4D4) [0xcced1276382f4dd0a6d0e73b07f43294733981ae](https://etherscan.io/txs?a=0xcced1276382f4dd0a6d0e73b07f43294733981ae&ps=100) The funds were bridged from Tron to Ethereum and ETH was split between ten addresses before it was deposited to Tornado Cash (96 X 10 ETH, 4 X 100 ETH, 78 X 1 ETH, 5 X 0.1 ETH) The [attacker however](https://etherscan.io/address/0x1d93c73d575b81a59ff55958afc38a2344e4f878) [reused a theft address](https://etherscan.io/address/0x1d93c73d575b81a59ff55958afc38a2344e4f878) from the Fantom exec [hack](https://www.halborn.com/blog/post/explained-the-fantom-foundation-hack-october-2023) in October 2023 which had been previously attributed to Lazarus Group as part of a spearphishing campaign in a March 2024 report published by the UN.

Sources

[1]MEDLazarus Groupsocial media

Lazarus Group

[Update: Now four stablecoin issuers have blacklisted two addresses holding $4.96M from Lazarus Group related to my investigation.](https://x.com/zachxbt/status/1834881201326178808?)

Sources

[1]MEDLazarus Groupsocial media

Lazarus Group

A few weeks ago I published research on 25 Lazarus Group hacks which resulted in $3.8M frozen. I am sharing 7 additional wallet addresses which currently hold $61.8M (891 BTC) tied to these hacks. [bc1qw88pehjuejym9jyfgn6vn4aaw7q232hlyzzn6f bc1q27vxzyuh4vqwt3u9aqpuk7z5xtgz9y0tqxzesq bc1q62clzxr4vcycjfdqe33ake4dk9fenkpaddkteq bc1qfad2yxulctgz6g6tw635n52cw3v7wxydmtmd0f bc1q972gcd3ywyc2n2p5lzs5mdwra5q8nymzg0qlx0 bc1qfenmgt8x2ndhm00xsv09snvandvl9j9w0fhtzw bc1qmd3kzw0ge45eag7qpuhyxa5kdv4hqh3kxp44dg](https://platform.arkhamintelligence.com/explorer/entity/991fc9fc-bd6b-460d-aa82-796625dd2985)

Sources

[1]MEDLazarus Groupsocial media

Lazarus Group

My new 15 month long investigation sharing how Lazarus Group laundered $200M from 25+ crypto hacks to fiat from 2020–2023 https://x.com/zachxbt/status/1784935501935390930

Sources

[1]MEDLazarus Groupsocial media

Timeline

2024-04-29

Lazarus Group

t.me

2024-05-20

Lazarus Group

t.me

2024-09-14

Lazarus Group

t.me

2025-02-22

Lazarus Group

t.me

2025-03-01

Lazarus Group

t.me

2025-06-29

Lazarus Group

t.me

Research Gaps

3 open · agent-resolvable

Heuristic next-actions surfaced for researchers and worker agents. Resolving these strengthens the page's evidence base and trust score.

[high]
no regulatory
No regulatory or sanctions cross-check. Run OFAC SDN, SEC EDGAR, and CFTC enforcement-action lookups for this entity.
[med]
single source
Only one source has reported on this entity. Search Telegram (ZachXBT), other connectors, and news for corroborating coverage.
[med]
unarchived sources
Cited sources are not Wayback-archived. Run the archiver to pin their content before they rot.

model: zachxbt-connector

generated: 5/4/2026, 4:04:56 PM

avoid.net — verified advice for a post-truth world