Chinese OTC trader linked to laundering millions for North Korean hackers
Blockchain investigator ZachXBT detailed how the Chinese trader had been helping Lazarus Group launder funds since 2022.
Blockchain investigator ZachXBT has uncovered the identity of a Chinese over-the-counter (OTC) trader accused of aiding the North Korea-affiliated Lazarus Group in laundering stolen crypto.
The trader, identified as Yicong Wang, has reportedly helped the group convert tens of millions of dollars in crypto from various hacks into cash through bank transfers since 2022, according to an Oct. 23 post on X by the crypto sleuth.
ZachXBT said he began investigating Wang after receiving a report from one of his followers who claimed their crypto account was frozen following a peer-to-peer (P2P) transaction with the Chinese trader. The transaction was later flagged for allegedly assisting North Korean hackers in laundering money.
Wang’s connection to the Lazarus Group
ZachXBT’s investigation revealed that Wang is linked to several Lazarus Group-related hacks, including those targeting Alex Labs, Irys, and other entities.
One of Wang’s associated addresses, “0x501,” reportedly consolidated over $17 million in digital assets tied to more than 25 hacks attributed to Lazarus. In November 2024, Tether froze $374,000 USDT held in the same wallet.
In December 2023, the Lazarus Group transferred $45,000 in stolen digital assets to multiple addresses connected to Wang. Similarly, in August 2024, funds stolen from Alex Labs were sent to Tron addresses associated with him.
Additionally, Wang received commingled funds from the Alex Labs and Irys hacks. He also received 746,000 USDT from an Ethereum address blacklisted by Tether.
ZachXBT stated:
“On Aug. 13, 746,000 USDT was transferred to an address tied to Yicong (THjaAygUNkzoXufwEoKCzbUZHpsehL9rAZ). Shortly before, the funds had been bridged from Ethereum, linking the blacklisted address 0x84d9ad5e6fdf7ca4de37684a1f7df371837e9a9c.”
Although Wang has been banned from crypto platforms like Paxful and Noones, where he operated under aliases such as Seawang, Greatdtrader, and BestRhea977, he continues to conduct business off-platform. He is believed to be still laundering funds for the Lazarus Group.
The analysis illustrates the ongoing vulnerabilities in the crypto industry and the sophistication of the North Korea-backed Lazarus Group.
Over the past year, the hackers have been linked to over $500 million in cryptocurrency thefts from various cyberattacks. These include a $305 million breach of the Japan-based crypto exchange DMM and a $235 million hack of the India-based WazirX exchange. The Lazarus Group has also been connected to a $20 million loss from Indonesia’s Indodax exchange and a $52 million hack of the crypto platform BingX.