Bybit hackers may be behind Solana memecoin scams — ZachXBT

Lazarus Group, the suspected Bybit hackers, may be behind recent Solana memecoin scams and rug pulls, according to onchain findings by analyst ZachXBT.

The Lazarus Group, the primary suspect behind the $1.4 billion Bybit hack, may also be linked to recent Solana memecoin scams, including rug pulls on the Pump.fun platform, according to onchain investigator ZachXBT.

The crypto industry was rocked by the largest hack in history on Feb. 21, when Bybit lost over $1.4 billion in liquid-staked Ether (stETH), Mantle Staked ETH (mETH) and other digital assets.

Blockchain security firms, including Arkham Intelligence, have identified North Korea’s Lazarus Group as the likely culprit behind the Bybit exploit.

The same entity laundering the hacked Bybit funds may also be responsible for some of the recent memecoin launches on Solana’s Pump.fun, according to ZachXBT.

“On Feb 22 the attacker received $1.08M from the Bybit hack to 0x363908df2b0890e7e5c1e403935133094287d7d1 who bridged USDC to Solana,” ZachXBT wrote in a Feb. 23 Telegram post.

The $1 million was then consolidated across multiple wallets on Solana, some of which had previous links to memecoin scams, the investigator added.

“I made 920+ addresses receiving funds tied to the Bybit hack public and noticed a person laundering for Lazarus Group previously launched meme coins via Pump Fun,” he said.

Onchain findings from ZachXBT also revealed that the same Lazarus Group-affiliated wallets suspected in the Bybit hack were behind the $29 million Phemex hack in January.

Solana plagued by memecoin scams, rug pulls

The Lazarus Group’s connection to Solana’s Pump.fun platform is not surprising, given the recent wave of memecoin scams on the Solana blockchain.

Investor sentiment took a hit after the rise and fall of the Libra (LIBRA) token, which was endorsed by Argentine President Javier Milei. The project’s insiders allegedly siphoned over $107 million worth of liquidity in a rug pull, triggering a 94% price collapse within hours and wiping out $4 billion in investor capital. 

The rate of monthly capital inflow into Solana (SOL) and Solana’s MEME index turned negative, at -5.9% for the month, according to a Glassnode chart shared with Cointelegraph.

Market: top asset realized cap percent change, 30-days. Source: Glassnode

Solana user activity is also in decline. The number of active addresses on the network fell to a weekly average of 9.5 million in February, down nearly 40% from the 15.6 million active addresses in November 2024.

Solana active addresses. Source: Glassnode

This marks a significant cooldown for the blockchain, according to CryptoVizArt, a senior analyst at Glassnode.

The analyst told Cointelegraph:

“A significant cool down in Solana activity is evident, however, we are relatively higher than pre pre-bull market baseline of

Solana’s advanced technology has attracted its fair share of bad actors and cases of insider corruption, despite the technology being neutral in itself.

However, these issues may turn into a net positive for Solana’s growth in the long term, according to a Feb. 18 X post from blockchain researcher Aylo.
