Summary
Solareum was a Solana-based Telegram trading bot that shut down on March 30, 2024 following a security exploit that drained approximately $523,000 (2,800+ SOL) from over 300 user wallets. Prosecutors later revealed in a January 2025 court filing that the Solareum team had unknowingly hired a North Korean (DPRK) developer in December 2023, who subsequently facilitated the theft of 6,045 SOL worth roughly $1.4 million; the FBI seized approximately $950,000 in USDT two months after the hack. The project offered no compensation to victims, deleted its website and community channels, and is no longer operational.
Connected Entities
1 entity
Timeline (5 events)
2023-12
Solareum team publicly announces in its Telegram support channel that it is 'onboarding a new dev' — later identified by prosecutors as a North Korean (DPRK) national operating under a false identity.
2024-03-29
Exploit begins: over 300 Solana users report their wallets have been drained. Approximately 2,800 SOL (~$523,000) is stolen. Solareum acknowledges a possible security breach. BONKbot analysis identifies private key importation into Solareum as the common factor among victims.
2024-03-30
Security researcher Taylor Monahan is brought in to investigate and identifies DPRK IT worker fingerprints in the onchain activity. Tether freezes stolen funds after researchers provide evidence. Solareum announces project shutdown via Telegram, citing 'insufficient funds, evolving market trends, and a recent security breach.' Website is deleted and community channels are closed. No compensation plan is announced for affected users.
2024-05
About two months after the March hack, the FBI seizes approximately $950,000 in USDT connected to the laundered Solareum exploit proceeds.
2025-01-21
As part of a broader action charging four North Koreans with cryptocurrency theft schemes, prosecutors submit a court filing in the Northern District of Georgia detailing how a DPRK developer infiltrated Solareum and stole 6,045 SOL (~$1.4 million).
Decision Log
- hash: 2sniDep4rngrLL8uRxDZtBSn73yJ6nrjZcpz1nQXoRuN
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/4/2026, 2:54:33 AM
last updated: 5/27/2026, 5:32:26 PM
avoid.net — verified advice for a post-truth world