October 25, 2024
By Our Correspondent
Blockchain investigator ZachXBT has identified a Chinese over-the-counter (OTC) trader alleged to have assisted the North Korea-affiliated Lazarus Group in laundering stolen cryptocurrency.
The individual, named Yicong Wang, is reported to have facilitated the conversion of tens of millions of dollars in cryptocurrency from various hacks into cash via bank transfers since 2022, as detailed in an October 23 post on X by the investigator.
ZachXBT initiated his inquiry into Wang after a follower reported that their cryptocurrency account was frozen following a peer-to-peer (P2P) transaction with the trader. This transaction was subsequently flagged for its suspected role in aiding North Korean hackers in money laundering activities.
Wang’s association with the Lazarus Group has been substantiated through ZachXBT’s investigation, which uncovered links to several hacks attributed to the group, including attacks on Alex Labs, Irys, and other organizations. One of the addresses associated with Wang, identified as “0x501,” reportedly aggregated over $17 million in digital assets connected to more than 25 hacks linked to Lazarus. In November 2024, Tether froze $374,000 USDT that was held in this wallet.
In December 2023, the Lazarus Group transferred $45,000 in stolen digital assets to multiple addresses associated with Wang. Similarly, in August 2024, funds stolen from Alex Labs were directed to Tron addresses linked to him. Furthermore, Wang received mixed funds from the hacks involving Alex Labs and Irys, including 746,000 USDT from an Ethereum address that had been blacklisted by Tether.
ZachXBT remarked: “On August 13, 746,000 USDT was transferred to an address associated with Yicong (THjaAygUNkzoXufwEoKCzbUZHpsehL9rAZ). Shortly before this transfer, the funds had been bridged from Ethereum, connecting to the blacklisted address 0x84d9ad5e6fdf7ca4de37684a1f7df371837e9a9c.”
Although Wang has been banned from crypto platforms such as Paxful and Noones, where he operated under aliases including Seawang, Greatdtrader, and BestRhea977, he continues to conduct business off-platform. He is believed to still be laundering funds for the Lazarus Group.
The investigation highlights persistent weaknesses within the cryptocurrency sector and the advanced tactics employed by the North Korea-backed Lazarus Group. In the last year, the group has been associated with the theft of over $500 million in digital assets through a series of cyberattacks.
Notable incidents include a $305 million breach of the DMM exchange in Japan and a $235 million hack of the WazirX exchange in India. Additionally, the Lazarus Group has been implicated in a $20 million loss at Indonesia’s Indodax exchange and a $52 million breach of the BingX crypto platform.