Bybit Hack Funds Funneled Through Meme Coins, Onchain Sleuth Reports

$1.4B Bybit Hack Tied to Lazarus Group, Laundering Involved Pump Fun Meme Coins

The Lazarus Group, notorious for high-profile crypto hacks, is accused of siphoning $1.4 billion from Singapore-based exchange Bybit in a breach discovered earlier this week. Blockchain investigator ZachXBT traced part of the stolen funds to meme coin trading on Solana and cross-chain transfers, exposing complex laundering tactics.

On Feb. 22, ZachXBT said the hacker received $1.08 million in USDC to wallet “0x3639…7d1,” which bridged the funds to Solana. The assets were then moved to Binance Smart Chain (BSC) via wallet “EFmqz…dq2P” and split across 30+ addresses. Transactions show funds were later consolidated into wallet “0x0be9…55a3,” which redistributed 106,000 USDC to 10 BSC wallets before bridging back to Solana.

The onchain sleuth disclosed that several recipient addresses were “dusted” — targeted with small amounts of scam meme coins — prompting the hacker to exchange the tokens for SOL. ZachXBT noted the launderer previously created meme coins via Solana’s Pump.fun, a platform known for enabling rapid meme token launches.

On Feb. 23, ZachXBT identified 920+ addresses tied to the hack, linking them to Lazarus Group’s past laundering methods. The funds were ultimately routed through multiple crypto services and exchanges, complicating tracking efforts.

The breach highlights ongoing challenges in tracing cross-chain crypto thefts, particularly when involving decentralized platforms and meme coins. Authorities and exchanges are increasingly scrutinizing meme coin activity for illicit finance risks. The Lazarus Group, sanctioned by the U.S. Treasury since 2019, remains a persistent threat to global crypto security.