The Feb. 28, 2025, attack targeted an unnamed victim, with stolen funds bridged from Tron to Ethereum and laundered through privacy mixing tool Tornado Cash. ZachXBT noted that blockchain records show the hacker moved 96 batches of 10 ETH, four batches of 100 ETH, 78 batches of 1 ETH, and five smaller increments totaling over $3.1 million.

ZachXBT traced the theft to two addresses: “TYQ34” on Tron and “0xcce” on Ethereum. The onchain sleuth said the latter wallet had been flagged in a 2023 Fantom Foundation executive phishing attack attributed to Lazarus Group by a March 2024 United Nations (UN) report.

The reuse of the ether address provided a critical link to Lazarus, which the UN tied to crypto thefts reportedly funding North Korea’s weapons programs. The group is accused of stealing billions, including last week’s massive Bybit $1.4 billion breach.

The latest heist’s operational parallels to past Lazarus campaigns, including rapid fund fragmentation and reliance on cross-chain bridges to obscure trails. Mixers and decentralized exchange (DEX) platforms remain the preferred laundering tool for the group despite some freezes and roadblocks.

The victim’s identity and method of infiltration remain unclear. Cybersecurity firms and onchain observers urge heightened vigilance against spearphishing, a hallmark of the group’s tactics. Moreover, after tracing swathes of transactions, ZachXBT explained this week that North Korea’s hacking collective is connected to four different major centralized exchange (CEX) hacks, including Bybit, Poloniex, Phemex, and Bingx.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。