ZachXBT Unmasks $3.2M Solana Exploit Tied to Lazarus Group

A $3.2M Heist on May 16

According to ZachXBT’s latest update on his Telegram channel, Lazarus orchestrated a theft of $3.2 million on May 16. The attackers quickly converted the stolen Solana into Ethereum.

Then, 800 ETH was funneled into Tornado Cash, a protocol often used to obscure on-chain activity.

Not Their First Exploit

This wasn’t an isolated incident. ZachXBT also linked Lazarus to a separate attack on multiple NFT projects, including those related to artist Matt Furie, known for creating Pepe.

Projects like ChainSaw and Favrr were impacted. Hackers took control of NFT contracts, minted new tokens, and dumped them—stealing over $1 million.

Funds Laundered and Shifted

The stolen ETH was split across three wallets. Some of it was converted into stablecoins and moved to MEXC, a centralized exchange. This pattern suggests a broader network behind the attack.

ZachXBT also discovered GitHub accounts with Korean language settings and Asia/Russia time zones, consistent with DPRK-linked activity.

One key suspect is Alex Hong, Favrr’s alleged CTO. His LinkedIn profile was deleted shortly after the incident. Investigators now believe he may be a North Korean IT worker posing as a U.S.-based developer.