Chinese OTC Trader Linked to Laundering Millions for North Korean Hackers

A recent investigation by blockchain analyst ZachXBT has exposed a Chinese over-the-counter (OTC) trader, Yicong Wang, as a key player in laundering stolen cryptocurrency for the notorious North Korea-affiliated Lazarus Group. Since 2022, Wang has allegedly facilitated the conversion of tens of millions of dollars in hacked crypto into cash through bank transfers.

ZachXBT’s investigation began after a follower reported their account being frozen following a peer-to-peer (P2P) transaction with Wang. The transaction was flagged due to its suspected involvement in aiding North Korean hackers with money laundering.

Wang’s Ties to the Lazarus Group

The blockchain investigator's findings link Wang to multiple cyberattacks attributed to the Lazarus Group, including those targeting Alex Labs, Irys, and other crypto entities. One of Wang’s associated addresses, known as "0x501," consolidated over $17 million in stolen digital assets from more than 25 hacks connected to Lazarus. In November 2024, Tether froze $374,000 in USDT from the same wallet.

Further analysis revealed that in December 2023, the Lazarus Group transferred $45,000 in stolen crypto to several addresses tied to Wang. Similarly, in August 2024, assets stolen from Alex Labs were moved to Tron addresses linked to him. Wang also received funds commingled from the Alex Labs and Irys hacks, including 746,000 USDT from a blacklisted Ethereum address.

Despite being banned from several crypto platforms, including Paxful and Noones, where he operated under aliases like Seawang, Greatdtrader, and BestRhea977, Wang continues to conduct business off-platform. It is believed that he is still involved in laundering money for the Lazarus Group.

Crypto Industry Vulnerabilities

This investigation highlights the ongoing vulnerabilities within the cryptocurrency ecosystem and the sophistication of North Korea’s Lazarus Group. Over the past year, the group has been tied to more than $500 million in crypto theft from major cyberattacks. These include a $305 million hack of Japan’s DMM exchange, a $235 million breach of India’s WazirX, a $20 million loss from Indonesia’s Indodax exchange, and a $52 million hack of the BingX platform.

The scale and frequency of these attacks underscore the urgent need for stronger anti-money laundering measures in the crypto industry to combat increasingly sophisticated criminal operations.