ZachXBT Exposes Chinese OTC Trader’s Role in Lazarus Hacks

Binance
Chinese OTC trader linked to laundering stolen cryptocurrency for North Korea's Lazarus Group.
Ledger

ZachXBT Exposes Multi-Million Dollar Crypto Laundering Scheme

In a tweet on October 23, renowned blockchain detective ZachXBT outed Chinese OTC trader Yicong Wang for laundering stolen cryptocurrency on behalf of North Korea’s notorious Lazarus Group. Wang has been involved in cashing out more than $17 million in stolen crypto since 2022, which has gone toward funding the notorious hacking group.

Operating under the pseudonyms ‘Seawang,’ ‘Greatdtrader,’ and ‘BestRhea977,’ Wang is portrayed as a significant launderer of crypto in connection with various hacks pulled off by the Lazarus Group against DeFi platforms and cryptocurrency projects. These have siphoned off millions in digital assets.

Wang’s Role in Lazarus-Linked Hacks

ZachXBT’s sleuthing reveals that Wang’s Ethereum address was involved in over 25 Lazarus-related attacks where funds were stolen. In November 2023, Tether blacklisted a chunk of Wang’s Ethereum address, freezing 374,000 USDT. Wang moved in almost instantly, laundering the remaining funds through the privacy protocol Tornado Cash. The laundered Ether finally congregated in another wallet before being dispersed again in smaller portions.

By December 2023, blockchain analysis revealed that Wang had transferred $45,000 of the siphoned funds into Tron, then proceeded to split it among a handful of wallets linked to his pseudonyms. His activities so far have been linked with a wider crypto operation by the Lazarus Group, including the hacking of Alex Labs, EasyFi, and Bondly.

Despite Bans, Wang Continues to Operate

Although banned from the likes of Paxful and Noones, Wang still operates offsite. According to ZachXBT, Wang remains active in laundering money for the Lazarus Group despite the platform clampdowns. His wallet activity tends to indicate that, in fact, he has facilitated Lazarus Group’s crypto laundering operations as recently as these past weeks.

Minergate

The Lazarus Group’s Global Crypto Threat

The Lazarus Group is one of the most notorious cybercrime organizations globally, state-sponsored by North Korea, responsible for stealing over $3 billion in crypto assets between 2017 and 2023. Among its many sophisticated operations targeting cryptocurrency firms, the $625 million Ronin blockchain hack is the group’s largest exploit to date.

With recent warnings from the FBI in September 2023, the Lazarus Group is still a menace to the whole crypto industry, as advanced social engineering and hacking techniques enable it to exploit vulnerabilities across the decentralized finance space.

Paxful