ZachXBT Exposes Chinese OTC Trader’s Involvement in Lazarus Hacks
In a recent disclosure on X, blockchain investigator ZachXBT uncovered the role of Chinese over-the-counter (OTC) trader Yicong Wang in assisting North Korea’s infamous Lazarus Group in laundering millions of dollars in stolen cryptocurrency. Wang, operating under various aliases such as ‘Seawang,’ ‘Greatdtrader,’ and ‘BestRhea977,’ has been laundering crypto since 2022 by converting it into cash through bank transfers.
ZachXBT Strikes Again: Revealing the Connection between the Chinese OTC Trader and Lazarus Hacks
The investigation into Wang’s illicit activities began when a trader reported that their account had been frozen after a peer-to-peer transaction with Wang. Further scrutiny linked Wang to various stolen funds, including crypto obtained from high-profile hacks. Notably, an Ethereum address used to funnel $17 million from over 25 Lazarus-related hacks was partially blacklisted by Tether in November 2023, leading to the freezing of 374,000 USDT.
Following the blacklisting, the remaining funds were laundered through Tornado Cash, where substantial amounts of ETH were later withdrawn and consolidated into another wallet. In December 2023, $45,000 was transferred to Tron and divided among several addresses directly linked to Wang. His wallet activity reveals extensive connections to Lazarus Group operations, including hacks on prominent crypto projects like Alex Labs, Irys, EasyFi, and Bondly.
From facing a ban on Paxful to engaging in offsite operations: Wang’s persistence despite crackdowns
Wang’s wallet was connected to the $4.5 million hack of Alex Labs in May 2024, one of the numerous attacks carried out by the Lazarus Group. Blockchain data also exposed Wang’s involvement in facilitating the movement of stolen crypto associated with other hacks, including those targeting the Irys co-founder, EasyFi, Bondly, and Maverick.
“While Yicong Wang has been banned from Paxful and Noones on multiple accounts (Seawang/Greatdtrader/BestRhea977) for laundering funds, he has since moved to conducting business offsite,” wrote ZachXBT. “On-chain evidence indicates that he has been actively aiding the Lazarus Group in the past few weeks.”
The Lazarus Group, connected to North Korea, has been involved in numerous high-profile crypto hacks, including the $625 million exploit of the Ronin blockchain. In early September, the United States Federal Bureau of Investigation (FBI) issued a warning about the Lazarus hacker group, highlighting their use of sophisticated social engineering schemes to target decentralized finance (DeFi) and cryptocurrency companies.
According to the FBI’s notice on September 3, these malicious actors stole funds by meticulously researching cryptocurrency-linked exchange-traded funds (ETFs). ZachXBT previously revealed that between 2020 and 2023, the Lazarus Group laundered over $200 million from more than 25 crypto-related hacks.
Lazarus remains one of the most notorious groups of crypto hackers, having emerged in 2009 and amassed over $3 billion in stolen crypto assets in the six years leading up to 2023.