ZachXBT Unmasks $3.2M Solana Exploit Tied to Lazarus Group

A $3.2M Heist on May 16

According to ZachXBT’s latest update on his Telegram channel, Lazarus orchestrated a theft of $3.2 million on May 16. The attackers quickly converted the stolen Solana into Ethereum.

Then, 800 ETH was funneled into Tornado Cash, a protocol often used to obscure on-chain activity.

Not Their First Exploit

This wasn’t an isolated incident. ZachXBT also linked Lazarus to a separate attack on multiple NFT projects, including those related to artist Matt Furie, known for creating Pepe.

Projects like ChainSaw and Favrr were impacted. Hackers took control of NFT contracts, minted new tokens, and dumped them—stealing over $1 million.

Funds Laundered and Shifted

The stolen ETH was split across three wallets. Some of it was converted into stablecoins and moved to MEXC, a centralized exchange. This pattern suggests a broader network behind the attack.

ZachXBT also discovered GitHub accounts with Korean language settings and Asia/Russia time zones, consistent with DPRK-linked activity.

One key suspect is Alex Hong, Favrr’s alleged CTO. His LinkedIn profile was deleted shortly after the incident. Investigators now believe he may be a North Korean IT worker posing as a U.S.-based developer.

A Broader Pattern

These incidents reflect a larger trend. TRM Labs estimates that Lazarus and affiliated groups have stolen nearly $1.6 billion in crypto in 2025 alone. That’s roughly 70% of all stolen funds in the space this year.

Did You Know?

Matt Furie, whose NFT projects were targeted in this hack, is also the original creator of Pepe the Frog—a meme that later became central to the NFT culture and beyond.