Unveiling the Identity of a Key Crypto Launderer
Blockchain investigator ZachXBT has revealed the identity of a Chinese over-the-counter (OTC) trader linked to the North Korea-affiliated Lazarus Group, who is accused of facilitating the laundering of stolen cryptocurrencies.
Meet Yicong Wang
Yicong Wang has reportedly played a significant role in converting tens of millions of dollars in crypto from various hacking incidents into cash via bank transfers since 2022, as detailed in an October 23 post on X by ZachXBT.
The Investigation Begins
ZachXBT’s inquiry into Wang was sparked by a follower’s claim that their crypto account was frozen after a peer-to-peer (P2P) transaction with Wang, a transaction that was flagged for alleged connections to North Korean hacking operations.
Wang’s Involvement with the Lazarus Group
The investigation uncovered multiple connections between Wang and several attacks attributed to the Lazarus Group, impacting entities like Alex Labs and Irys.
- Wang’s address “0x501” was implicated in consolidating over $17 million in assets linked to more than 25 hacks.
- Tether froze $374,000 USDT held in this wallet in November 2024.
- In December 2023, the Lazarus Group transferred $45,000 in stolen funds to wallets associated with Wang.
- Funds from the Alex Labs hack were also traced back to Tron addresses linked to him in August 2024.
“On Aug. 13, 746,000 USDT was transferred to an address tied to Yicong. Prior to that, the funds were bridged from Ethereum, connecting to a blacklisted address.”
Ongoing Activity Despite Bans
Despite being banned from crypto platforms such as Paxful and Noones, where he operated under various aliases like Seawang and Greatdtrader, Wang continues to conduct transactions off-platform and is believed to still be laundering money for the Lazarus Group.
The Bigger Picture
This case exemplifies the persistent vulnerabilities within the cryptocurrency sector, as well as the advanced tactics employed by the Lazarus Group, which is backed by North Korea.
Recent Hacking Activities
Over the past year, the Lazarus Group has been linked to over $500 million in cryptocurrency thefts from multiple cyberattacks, including:
- A $305 million breach of the Japanese crypto exchange DMM.
- A $235 million hack of the India-based WazirX exchange.
- A $20 million loss associated with Indonesia’s Indodax exchange.
- A $52 million breach of the crypto platform BingX.