Last updated:
On October 23, blockchain investigator ZachXBT revealed on X that Chinese over-the-counter (OTC) trader Yicong Wang, operating under various aliases such as ‘Seawang,’ ‘Greatdtrader,’ and ‘BestRhea977’, has been helping North Korea’s notorious Lazarus Group launder millions of dollars in stolen cryptocurrency.
ZachXBT’s investigation found that Wang had been involved in laundering crypto since 2022 by converting it into cash through bank transfers.
ZachXBT Strikes Again: Unmasking Chinese OTC Trader’s Connection to Lazarus Hacks
The inquiry into Wang’s illicit activities began when a trader reported that their account had been frozen following a peer-to-peer transaction with Wang. Further investigation linked Wang to multiple stolen funds, including crypto from high-profile hacks.
Notably, $17 million from over 25 Lazarus-related hacks were funneled through an Ethereum address, which was partially blacklisted by Tether in November 2023, freezing 374,000 USDT.
After the blacklisting, the remaining funds were laundered through Tornado Cash, where large sums of ETH were later withdrawn and consolidated into another wallet.
In December 2023, $45,000 was moved to Tron and split across several addresses linked directly to Wang. His wallet activity reveals extensive connections to Lazarus Group operations, including hacks on high-profile crypto projects like Alex Labs, Irys, EasyFi, and Bondly.
From Paxful Ban to Offsite Operations: How Wang Stays in the Game Despite Crackdowns
Wang’s wallet was connected to the $4.5 million hack of Alex Labs in May 2024, one of many attacks carried out by Lazarus Group. Blockchain data also revealed that Wang facilitated the movement of stolen crypto tied to other hacks, including those of Irys co-founder, EasyFi, Bondly, and Maverick.
“While Yicong Wang has been banned from Paxful and Noones on multiple accounts (Seawang/Greatdtrader/BestRhea977) for laundering funds, he has since moved to conducting business offsite,” ZachXBT wrote. “It’s apparent from on-chain he has still been actively helping Lazarus Group within the past couple weeks.”
The Lazarus Group, tied to North Korea, has been linked to numerous high-profile crypto hacks, including the $625 million exploit of the Ronin blockchain.
In early September, the United States Federal Bureau of Investigation (FBI) warned about the North Korean hacker group Lazarus, which has turned to elaborate social engineering schemes to target decentralized finance (DeFi) and cryptocurrency companies.
According to the FBI’s notice on September 3, these malicious actors stole funds by conducting detailed research on cryptocurrency-linked exchange-traded funds (ETFs).
ZachXBT previously reported that between 2020 and 2023, Lazarus Group laundered over $200 million from over 25 crypto-related hacks.
Lazarus is among the most notorious groups of crypto hackers. It first emerged in 2009 and stole over $3 billion in crypto assets in the six years leading up to 2023.