Blockchain investigator ZachXBT has uncovered the identity of a Chinese over-the-counter (OTC) dealer accused of aiding the North Korea-affiliated Lazarus Group in laundering stolen crypto.
The dealer, identified as Yicong Wang, has reportedly helped the group convert tens of millions of dollars in crypto from various hacks into cash via bank transfers since 2022, according to an Oct. 23 post on X by the crypto sleuth.
ZachXBT said he began investigating Wang after receiving a report from one of his followers, who claimed their crypto account was frozen following a peer-to-peer (P2P) transaction with the Chinese dealer. The transaction was later flagged for allegedly helping North Korean hackers launder money.
Wang’s connection to the Lazarus Group
ZachXBT’s investigation revealed that Wang is linked to several Lazarus Group-related hacks, including those targeting Alex Labs, Irys, and other entities.
One of Wang’s associated addresses, “0x501,” reportedly consolidated over $17 million in digital assets tied to more than 25 hacks attributed to Lazarus. In November 2024, Tether froze $374,000 USDT held in the same wallet.
In December 2023, the Lazarus Group transferred $45,000 in stolen digital assets to several addresses linked to Wang. Similarly, in August 2024, funds stolen from Alex Labs were sent to Tron addresses associated with him.
Additionally, Wang received commingled funds from the Alex Labs and Irys hacks. He also received 746,000 USDT from an Ethereum address blacklisted by Tether.
ZachXBT stated:
“On Aug. 13, 746,000 USDT was transferred to an address tied to Yicong (THjaAygUNkzoXufwEoKCzbUZHpsehL9rAZ). Shortly before, the funds had been bridged from Ethereum, linking the blacklisted address 0x84d9ad5e6fdf7ca4de37684a1f7df371837e9a9c.”
Although Wang has been banned from crypto platforms like Paxful and Noones, where he operated under aliases such as Seawang, Greatdtrader, and BestRhea977, he continues to conduct business off-platform. He is believed to still be laundering funds for the Lazarus Group.
The analysis illustrates the ongoing vulnerabilities in the crypto industry and the sophistication of the North Korea-backed Lazarus Group.
Over the past year, the hackers have been linked to over $500 million in cryptocurrency thefts from various cyberattacks. These include a $305 million breach of the Japan-based crypto exchange DMM and a $235 million hack of the India-based WazirX exchange. The Lazarus Group has also been linked to a $20 million loss from Indonesia’s Indodax exchange and a $52 million hack of the crypto platform BingX.