Title: Mapping the Underground: How Stolen Funds Are Laundered Through the Solana Ecosystem
Introduction
The Solana ecosystem, known for its high throughput, low fees, and increasingly liquid DeFi and NFT infrastructure, has become a hotspot for crypto innovation. With rapid growth comes increased attention—not only from developers and investors but also from malicious actors. Its efficiency, composability, and growing ecosystem also make Solana an ideal venue for laundering stolen funds. The recent $1.5 billion Bybit hack offers a chilling case study in how sophisticated these operations have become. More than 20,000 wallets, dozens of tokens, protocols, and cross-chain bridges were leveraged to obscure the funds’ trail.
In this article, we dive deep into the underbelly of illicit financial flows on Solana. We unpack how exploits unfold, detail the steps bad actors take to exfiltrate stolen funds, and meticulously map the different pathways through which funds are laundered. Our goal is to catalog both established and novel laundering techniques, label the relevant wallet addresses, and build a threat model for future defense.
This is not just an academic exercise—it is a response blueprint. Understanding how exploits are monetized allows us to freeze funds faster, build better tooling, and harden protocols against abuse.
Chapter 1: Anatomy of a Web3 Exploit
Exploits in web3, regardless of chain, typically follow a four-stage pipeline:
For this research, we focus exclusively on the fourth stage: Exfiltration.
Chapter 2: Why Solana? The Launderer’s Paradise
Solana presents unique opportunities for laundering due to several key properties: