The Bybit hackers have begun laundering a portion of the stolen funds through meme coins, with experts asserting that the North Korean hacking collective Lazarus is implicated in the operation.
Lazarus is leveraging the Pump.fun platform on the Solana blockchain to legitimize the pilfered assets. Investigators uncovered that the group transferred 50 SOL (approximately $8,000) to a wallet associated with the launch of the QinShihuang token. In a short span, the token’s market capitalization surged to $3 million, while its 24-hour trading volume exceeded $44 million.
Experts explain that the hackers injected real liquidity from Pump.fun users, intermingling it with stolen funds. Once these assets had gained sufficient circulation, they offloaded the tokens, cashed out the proceeds, and dispersed them across multiple wallets, effectively obfuscating the transaction trail.
Although the laundered sum is significantly smaller than the $1.46 billion stolen, analysts caution that this may have been a test run. If the method proves effective, Lazarus could employ it on a larger scale in the future.
Meanwhile, a Coinbase representative highlighted another alarming incident: someone transferred a meme coin named “Lazerus” to North Korea, which was subsequently exchanged for thousands of dollars in SOL. The expert reminded crypto traders that any financial transactions involving North Korea constitute a violation of international law.
Further investigation suggests that Lazarus may be orchestrating multiple meme coin launches via Pump.fun. Blockchain researcher ZachXBT, who previously linked the group to the Bybit hack, identified over 920 wallets that had received funds from the stolen assets. The tokens were subsequently moved to various exchanges and crypto services.
Analysts emphasize that meme coins and DeFi platforms are becoming increasingly popular tools for laundering illicit funds. However, growing scrutiny from law enforcement and blockchain analysts may complicate future attempts to exploit these tactics.
