A Chinese trader helped North Korea-linked hacker Lazarus Group launder millions of dollars worth of stolen cryptocurrency.
In a post published on X on October 23, blockchain researcher ZachXBT revealed that Chinese over-the-counter trader Yicong Wang, operating under various aliases, helped Lazarus Group convert millions of stolen crypto into cash.
According to ZachXBT, blockchain data shows that Wang has been helping launder cryptocurrencies through bank transfers since 2022. OTC nicknames include ‘Seawang’, ‘Greatdtrader’ and ‘BestRhea977’.
OTC trader worked with hacker group
ZachXBT’s investigation into Wang’s activities began recently when a trader approached ZachXBT with information that his account had been frozen following a peer-to-peer transaction with Wang.
A Tron (TRX) wallet belonging to the suspect helped connect Wang to a series of transactions involving illicit funds linked to the $4.5 million hack of Alex Labs. On-chain data also showed that the trader’s wallet address was linked to several other hack-related fund transfers, including Irys co-founder EasyFi, Bondly, and Maverick.
Lazarus Group was behind the $4.3 million Alex Labs hack in May 2024 and the $1.3 million Irys co-founder hack in July 2024. Funds transferred to deposit addresses linked to hackers reached Wang’s addresses. Wang helped shuffle and bridge funds to Tron addresses in transactions that occurred on August 13, 2024.
ZachXBT also reported that Tether blacklisted an Ethereum address linked to Wang holding 948,000 Ether (ETH) in August 2024.
“Although Yicong Wang was banned from Paxful and Noones on multiple accounts (Seawang/Greatdtrader/BestRhea977) for money laundering, he has since moved to conducting his business off-site. “It appears from the on-chain that ZachXBT has still been actively assisting the Lazarus Group for the past few weeks,” he said.
Lazarus Group and major crypto attacks
This is the latest revelation from ZachXBT, whose commitment to unmasking malicious actors in the crypto space has helped put multiple individuals on law enforcement’s radar. ZachXBT has also been at the forefront of efforts to recover stolen funds, including crypto hacks, rug pulling, and ransomware attacks.
Lazarus Group, meanwhile, has been linked to several high-profile crypto hacks over the past few years, including the $625 million exploit of the Ronin blockchain. The US Department of Justice and the Federal Bureau of Investigation have highlighted that Pyongyang-linked hackers are some of the most destructive cybercriminals in the world.
In April this year, ZachXBT revealed that Lazarus Group laundered more than $200 million from more than 25 crypto hacks between 2020 and 2023.