A Chinese OTC Trader Facilitating $6M Lazarus Group’s Crypto Laundering
Yicong Wang facilitated a substantial USDT (Tether) to CNY (Chinese Yuan) transaction on August 13, 2024, involving approximately 1.5 million USDT at an unusually low rate, raising serious red flags
A Chinese OTC (Over-the-Counter) trader has emerged as a key facilitator for Lazarus Group, a notorious North Korean hacking group, in their illicit activities says Zachxbt.
Yicong Wang, operating under pseudonyms like Seawang, Greatdtrader, and BestRhea977, has been actively converting stolen cryptocurrency into cash through bank transfers since 2022.
The trial starts with a concerned individual who, after engaging in a peer-to-peer transaction with Yicong Wang, found their exchange account frozen. Sharing a Tron wallet address obtained from a WeChat conversation with the individual – THSCBGazjjho7u2BQQsmrpbDv1Q237FL4 – reveals a disturbing connection to a network of illicit activity.
Additionally, Wang facilitated a substantial USDT (Tether) to CNY (Chinese Yuan) transaction on August 13, 2024, involving approximately 1.5 million USDT at an unusually low rate, raising serious red flags. This transaction, identified by the Tron wallet address THjaAygUNkzoXufwEoKCzbUZHpsehL9rAZ, is a crucial piece of the puzzle.
A deeper analysis of blockchain data linked to Yicong Wang reveals an alarming pattern – a consistent exposure to illicit funds originating from various hacks, including those orchestrated by Lazarus Group.
Notable examples include the theft of approximately $4.5 million from Alex Labs in May 2024, and the $1.3 million stolen from the Irys co-founder through an email spear phishing campaign in July 2024.
Chinese OTC Trader Blacklisted on Top Platforms
In August 2024, authorities blacklisted an Ethereum address directly linked to Yicong Wang, which held 948,000 USDT, further solidifying this pattern. On August 13th, someone transferred 746,000 USDT from this address to another address linked to Yicong Wang, THjaAygUNkzoXufwEoKCzbUZHpsehL9rAZ, confirming his role in Lazarus Group’s illicit activities.
Despite the trader ban from platforms like Paxful and Noones under multiple aliases, Yicong Wang has continued his operations by shifting to off-platform business dealings.
Detailed tracing of the funds from various hacks, including Alex Labs and Irys, reveals a consistent pattern of commingling funds from different attacks and transferring them to Yicong Wang’s Tron addresses.
The blacklisting of an Ethereum address directly linked to Yicong Wang in August 2024, which held 948,000 USDT, further reinforced this pattern. On August 13th, 746,000 USDT from this address were transferred to another address linked to Yicong Wang, THjaAygUNkzoXufwEoKCzbUZHpsehL9rAZ, solidifying his role in Lazarus Group’s illicit activities.
Nonetheless, his persistent involvement with Lazarus Group, evident in the recent transactions involving stolen funds, highlights the ongoing threat he poses to the integrity of the cryptocurrency ecosystem.