On May 4, 2026, on-chain investigator ZachXBT published a detailed report accusing the decentralized exchange aggregator Tokenlon of facilitating the movement of illicit funds tied to the Lazarus Group, the North Korean hacking syndicate linked to major crypto heists. According to ZachXBT’s findings, over $45 million in laundered funds passed through Tokenlon’s smart contracts over the preceding six months, with stolen Ether systematically converted into stablecoins before off-ramping to fiat currency or non-custodial wallets.
On-Chain Movement of Stolen Assets
ZachXBT’s report traces a series of “hop-and-swap” transactions where funds stolen during late 2025 cross-chain bridge exploits were funneled into Tokenlon. The investigator argues that Tokenlon’s permissionless nature and lack of aggressive front-end filtering made it an ideal conduit for illicit actors. By analyzing timing and gas signatures of suspicious wallets, ZachXBT demonstrated a high correlation between Lazarus-linked “mixer” outputs and subsequent trading volume on Tokenlon. The report emphasizes that the sheer volume of illicit activity suggests a failure in monitoring tools that are now standard for many other major decentralized finance platforms operating in the 2026 regulatory environment.
Tokenlon Response and Industry Impact
Following the report’s publication, the Tokenlon core team issued a preliminary statement confirming they are investigating the flagged addresses and working with blockchain security firms to implement more robust blacklisting features. However, the incident has already affected the protocol’s reputation, with several large liquidity providers temporarily withdrawing funds to avoid potential regulatory scrutiny. This case highlights the ongoing tension in the crypto industry between the ethos of permissionless finance and the practical necessity of preventing state-sponsored crime. As international regulators continue to tighten oversight on DeFi platforms, the Tokenlon investigation serves as a reminder that on-chain anonymity is increasingly fragile.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
South Korea's Financial Services Commission Partially Wins Appeal Against Crypto Exchange Over Unreturned User Assets on April 16
According to Seoul High Court's Administrative Division 4-3, on April 16, the Financial Services Commission (FSC) partially won its appeal against cryptocurrency exchange A's injunction request, with 3 of 4 administrative orders upheld. The exchange stopped operations on November 30, 2020, but
GateNews5m ago
Crypto whale sues Coinbase, accusing it of freezing stolen DAI and then refusing to return it
According to The Block on May 6, an anonymous crypto whale who filed a lawsuit under the pseudonym “DB” sued Coinbase and the accused thief “John Doe” on Monday, accusing Coinbase of refusing to return frozen DAI funds related to a 2024 crypto theft case even after it provided sworn affidavit proof that it is the legitimate owner.
MarketWhisper24m ago
North Korea Terror Victims File Motion to Seize $71M From Aave Hack, Reframe as Fraud
Attorneys for victims of three North Korea terrorism cases filed a 30-page response on Tuesday, reframing the April 18 Aave hack as fraud rather than theft. The distinction carries legal significance: characterizing the incident as fraud could grant the attackers legal title to the borrowed
GateNews54m ago
MOTHER token investors file a class-action lawsuit, alleging Iggy Azalea failed to fulfill commercial commitments
According to CoinTelegraph, on May 6, the plaintiff Kenneth Kolbrak filed a class action lawsuit in the Manhattan federal court in New York, on May 4. The defendants are rapper Iggy Azalea, and the suit alleges that she made false statements about the actual use and business integration of the meme coin Mother Iggy (MOTHER) based on the Solana blockchain.
MarketWhisper59m ago
US media investigation: Polymarket’s Panama headquarters is a law firm that previously provided services for FTX
According to an investigation published by National Public Radio (NPR) in the United States on May 5, a reporter went to the Panama headquarters address registered on Polymarket’s official site—21st floor, Oceania Business Plaza, Panama City—and found no traces of Polymarket or any of its Panama legal entities on site. The office at that address, Garcia de Paredes Law Firm, previously provided legal services to FTX.
MarketWhisper3h ago
