Blockchain investigator ZachXBT has tied a hack to North Korea's Lazarus Group, with $1.95 million of the stolen funds laundered through the mixer Tornado Cash.
North Korean hackers use Tornado Cash to obfuscate a $1.95 million Ethereum trail
The funds trace back to an attack on May 16, 2025, in which, according to ZachXBT, the victim lost $3.2 million from multiple Solana addresses. After selling the assets and bridging the funds to the Ethereum chain, the hackers deposited 800 ETH into Tornado Cash: 400 ETH on June 25th and 400 ETH on June 27th.

Images shared by ZachXBT on his Telegram channel.
ZachXBT notes that around $1.25 million in DAI and Ethereum remains untouched at the address “0xa5f”. The Solana theft address is identified as “C4WY1”.
The Lazarus Group, a North Korean state-sponsored hacking group, carries out large-scale cyberattacks to fund the government's weapons programme. Since 2018, it has stolen cryptocurrency through exchange hacks, ransomware and phishing schemes, and it has been sanctioned by the US Treasury Department.
Authorities and investigators like ZachXBT could monitor the $1.25 million for movement as blockchain analysts track the Lazarus Group’s cross-chain laundering tactics. However, Tornado Cash's role blurs the trail for Ethereum-based tools and makes the transactions more difficult to follow.


