Onchain investigator ZachXBT has suggested that the Lazarus Group, the primary suspect behind the $1.4 billion Bybit hack, may also be linked to recent Solana memecoin scams, including rug pulls on the Pump.fun platform. The crypto industry faced its largest hack in history on Feb. 21 when Bybit lost over $1.4 billion in liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and other digital assets. Blockchain security firms, including Arkham Intelligence, have identified North Korea’s Lazarus Group as the likely culprit behind the Bybit exploit.
According to ZachXBT, the same entity laundering the hacked Bybit funds may also be responsible for some of the recent memecoin launches on Solana’s Pump.fun. On Feb. 22, the attacker reportedly received $1.08 million from the Bybit hack, which was bridged to Solana and consolidated across multiple wallets, some of which had previous links to memecoin scams. ZachXBT also revealed that the same Lazarus Group-affiliated wallets suspected in the Bybit hack were behind the $29 million Phemex hack in January.
The Lazarus Group’s connection to Solana’s Pump.fun platform comes amid a wave of memecoin scams on the Solana blockchain. Investor sentiment was hit after the rise and fall of the Libra (LIBRA) token, endorsed by Argentine President Javier Milei, where insiders allegedly siphoned over $107 million worth of liquidity in a rug pull, causing a 94% price collapse within hours and wiping out $4 billion in investor capital. Solana user activity is also declining, with active addresses falling to a weekly average of 9.5 million in February, down nearly 40% from November 2024.
Despite these challenges, some analysts believe these issues may turn into a net positive for Solana’s growth in the long term. — news from Cointelegraph