Lazarus Group Archives

5th June 2025

WazirX’s Restructuring Plan Declined By Singapore Court, Hacked Indian Exchange Says

Embattled Indian crypto exchange WazirX’s restructuring plan has hit a major snag, with the Singapore High Court declining to approve the crypto exchange’s proposed scheme to repay creditors.

The decision effectively delays any payouts that were expected to begin as early as April 2025. “The Honourable Singapore High Court issued an order declining to approve our proposed restructuring plan,” WazirX said in an email to creditors.

“While this outcome was not what we anticipated, we respect the Court’s decision and remain fully committed to complying with all legal and regulatory processes. Our primary focus remains to begin distributions as soon as possible,” it claimed.

The court initially approved WazirX’s plan in January after the exchange sought protection from liquidation in the wake of a devastating $230 million hack by North Korea’s Lazarus Group.

The scheme would have allowed creditors to vote on whether to accept the plan, with payouts promised within 10 business days of activation.

That plan also included launching a decentralized exchange (DEX), issuing recovery tokens, and implementing periodic buybacks to support liquidity.

But with the court’s latest decision, the timeline for creditor repayment has again been thrown into uncertainty. If the restructuring ultimately fails, WazirX could face liquidation under section 301 of the Singapore Companies Act, which might result in fire-sale prices for remaining assets and lower compensation for creditors, as previously reported.

WazirX has faced overwhelming criticism for its slow communication and limited success in asset recovery, and severely limiting the ability for users to interact with its social media accounts.

The exchange once dominated crypto trading in India, but many are now left wondering if they will ever see their money again.

29th April 2025

Monero (XMR) Price Jumps 50% Amid ‘Suspicious’ $330 Million BTC Transfer – Details

An analyst has suggested that Monero (XMR) could repeat its 2021 cycle-high amid its recent price jump. However, a renowned on-chain sleuth has linked the surge to suspicious Bitcoin (BTC) transactions.

Monero Soars After $330 Million BTC Theft

Privacy and security-focused token Monero saw its price soar 52% to a four-year high on Monday. The cryptocurrency surged from its recently reclaimed $220-$230 support toward the $340 resistance, hitting $347 in the early hours of Monday.

Amid the massive surge, on-chain detective ZachXBT has linked the pump to a “suspicious transfer” from a potential victim of social engineering. The crypto sleuth explained that a suspicious transfer of 3,520 BTC, worth around $330.7 million, was made on Sunday night.

monero

According to the post, the funds were laundered via more than 6 instant exchanges shortly after the initial transfer, being swapped for XMR, seemingly based on timing analysis and the Monero price jump.

An X user suggested the stolen Bitcoin was “likely from the Bitstamp hack that occurred in 2014.” The internet detective denied the idea, stating that the victim was likely an OG Bitcoiner.

Meanwhile, others questioned whether the wallet owner made the transactions or if it was a theft. ZachXBT detailed multiple factors that led him to believe it was likely a theft, including the wallet being a longtime BTC holder and a Gemini, River, and Coinbase user.

Additionally, he noted that the $330 million in Bitcoin was suddenly moved and transferred in small increments to instant exchanges, creating hundreds of orders. This would make the owner lose multiple 7-figures to fees, making it inefficient for a normal person.

The crypto sleuth also considers that the theft isn’t likely related to North Korea’s Lazarus Group, which recently stole $1.5 billion worth of Ethereum (ETH) from crypto exchange Bybit.

Is XMR Near A Breakout?

Since the pump, Monero has retraced around 25% from today’s high to trade between the $250-$260 range. Crypto analyst Rekt Capital noted that XMR has successfully retested its $214 range’s low as support amid the market recovery.

Notably, the cryptocurrency has been moving within the $112-$214 price range since 2022, surging above the range’s resistance line amid the November post-US elections breakout.

Monero

After the Q3 2024 rally, Monero entered its key $214-286 range, which has previously worked as a key support and resistance area. After breaking out of the range’s upper boundary, the cryptocurrency rallied to its 2018 all-time high (ATH) of $542 and its 2021 high of $480.

During the Q1 2025 retraces, the XMR dropped below the $214 mark, testing the $200 area as support before bouncing. Similarly, the early April pullback sent the cryptocurrency toward this level, finally reclaiming it two weeks ago.

Since then, the cryptocurrency has rallied toward the $220-$230 range, fueled by the ongoing market recovery, but was ultimately rejected at the key resistance level. Today’s recent pump has seen Monero break above the $230 mark for the first time since February.

Despite the alleged laundering-driven surge, the analyst affirmed that the cryptocurrency has now “repeated early 2021 history,” where the token reclaimed its current range and retested its lower boundary before breaking out to cycle highs.

If history repeats and XMR’s price holds its current range, it could position itself for a surge above the $300 barrier.

Monero, XMR, XMRUSDT

26th February 2025

Bybit and Safe Custody Are at Odds on Who’s to Blame for $1.5B Hack

Cryptocurrency exchange Bybit has published a forensic review on last week’s $1.5 billion hack, revealing that its systems had not been infiltrated and that the issue seemed to have stemmed from compromised Safe wallet infrastructure.

Bybit concluded from the review that “the credentials of a Safe developer were compromised,” which allowed the Lazarus hacking group to gain unauthorized access to the Safe wallet and subsequently deceive Bybit staff into signing the malicious transaction.

However, a person familiar with the matter told CoinDesk that despite the wallet’s infrastructure being compromised by social engineering, the hack would not have been possible had Bybit not “blind signed” the transaction. The term refers to a mechanism where a smart contract transaction is approved without comprehensive knowledge of its contents.

Safe also issued a statement saying that “Safe smart contracts [were] unaffected, an attack was conducted by compromising a Safe {Wallet} developer machine which affected an account operated by Bybit.” It also pointed out that a “forensic review of external security researchers did NOT indicate any vulnerabilities in the Safe smart contracts or source code of the frontend and services.”

The apparent back and forth between both companies mirrors that of WazirX and Liminal Custody, which blamed each other following a $230 million exploit last July.

On-chain data analyzed by ZachXBT shows that Lazarus is attempting to launder the stolen funds, with 920 wallets currently being tainted with the ill-gotten gains. The funds, perhaps inadvertently, have been commingled with stolen funds from hacks targeting Phemex and Poloniex, linking Lazarus Group to all three.
Read more: Bybit Declares ‘War on Lazarus’ as It Crowdsources Effort to Freeze Stolen Funds

25th February 2025

Bybit Declares ‘War on Lazarus’ as it Crowdsources Effort to Freeze Stolen Funds

Hacked cryptocurrency exchange Bybit has declared a “war against Lazarus” and launched a new website tracking the group’s wallet addresses, hoping to crowdsource the investigative efforts. In return for submissions that lead to frozen funds, the exchange is offering 5% of what gets frozen.

The declaration of “war” came from Bybit’s CEO, Ben Zhou, in a social media post in which he noted the firm was launching the first “first bounty site that shows aggregated full transparency on the sanctioned Lazarus money laundering activities.”

Zhou wrote that users can connect their wallets to the newly launched website to help trace the stolen funds, adding that when a submission leads to funds getting frozen, a “bounty is paid upfront” as soon as assets are frozen.

“We have assigned a team to dedicate to maintain and update this website, we will not stop until Lazarus or bad actors in the industry is eliminated. In the future we will open it up to other victims of Lazarus as well,” Zhou added.

Currently, 6,338 addresses tied to the Lazarus group are being tracked on the website, and around $42.3 million have already been frozen, corresponding to just over 3% of the stolen assets.

On Friday, the nearly $1.5 billion hack of crypto exchange Bybit rocked the crypto market and saw most digital asset prices tumbling. It was later reported that North Korea’s Lazarus Group was behind the attack, which was deemed “the largest crypto theft of all time, by some margin.”
Read more: Bybit Loses $1.5B in Hack but Can Cover Loss, CEO Confirms

21st February 2025

North Korean Lazarus Group Identified As Culprit In Bybit’s Historic $1.5 Billion Hack

In a significant blow to the cryptocurrency industry, Bybit, one of the leading crypto exchanges, has confirmed a major security breach involving its Ethereum cold wallet.

The incident, reported on Friday by Bitcoinist, marks one of the largest cryptocurrency hacks in history, with losses estimated at over $1.5 billion.

Bybit Hack Linked To North Korea’s Lazarus Group

According to Bybit, the breach occurred during a transfer from their ETH multisig cold wallet to a warm wallet. The exchange revealed on social media platform X (formerly Twitter) that the attack was executed through a “sophisticated manipulation” of the transaction process.

This manipulation allowed the hacker to mask the signing interface, which displayed the correct wallet address while altering the underlying smart contract logic.

Subsequently, on-chain market intelligence firm Arkham Intelligence revealed that crypto sleuth ZachXBT has provided compelling evidence linking the hack to the notorious Lazarus Group, a North Korea-backed hacker organization.

In his detailed analysis, ZachXBT reportedly submitted findings that included test transactions, associated wallets, forensic charts, and timing analyses. This information has been shared with Bybit to assist in its ongoing investigation.

$1.44 Billion In Misappropriated Assets

The scale of the breach is staggering. Estimates suggest that approximately 401,347 ETH, valued at around $1.12 billion, were withdrawn.

Additionally, other assets lost in the hack include 90,376 stETH worth $253.16 million, 15,000 cmETH valued at $44.13 million, and 8,000 mETH totaling $23 million. The total estimated loss stands at approximately $1.44 billion.

In light of this incident, Bybit has activated its security team and is collaborating with leading blockchain forensic experts to conduct a thorough investigation.

The exchange has also reached out to other teams with expertise in blockchain analytics and fund recovery, inviting them to assist in tracing the misappropriated assets.

It remains to be seen what further action Bybit will take with the information provided by ZachXBT and how the case will unfold regarding the misappropriated customer funds.

Bybit