How Chinese OTC trader Yicong Wang helped Lazarus Group convert stolen crypto into cash

The post How Chinese OTC trader Yicong Wang helped Lazarus Group convert stolen crypto into cash appeared on BitcoinEthereumNews.com.

Yicong Wang, a Chinese OTC trader, has been laundering stolen crypto for the notorious North Korean hacking group known as Lazarus Group since 2022. Known for using pseudonyms like Seawang, Greatdtrader, and BestRhea977, Wang has helped convert tens of millions of dollars in stolen crypto into cash through bank transfers. On-chain investigator ZachXBT exposed Wang’s involvement after a victim reached out earlier in the year to report that their account was frozen after completing a P2P transaction with the criminal. They also provided Zach with a TRON wallet address used by Wang, taken from a WeChat conversation. Wang’s role in laundering stolen crypto Zach’s research revealed that Yicong Wang facilitated laundering of stolen funds from Lazarus-related hacks like those on Alex Labs, EasyFi, Bondly, and the Irys co-founder. Specifically, one address controlled by Wang consolidated $17 million from these hacks, with $374K USDT blacklisted by Tether in November 2023. After this blacklist, the remaining funds were quickly moved to Tornado Cash, the infamous crypto mixer. Between November and December 2023, 13 transactions of 100 ETH each were withdrawn and moved to a different Ethereum address. Later in December, $45K was bridged to TRON, eventually landing in wallets tied to Wang. Despite Tether’s attempts to blacklist these funds, he moved the money efficiently through crypto mixing services. Lazarus’ attack on Alex Labs in May 2024 resulted in a $4.5 million loss. Shortly after, one of the hacked addresses deposited 470 ETH into a privacy protocol. The same amount was withdrawn and transferred to two new addresses within hours. Another 449 ETH followed the same pattern between June 27 to 28 this year, and ended up in Wang’s accounts. More stolen crypto laundered In July, Lazarus Group launched another attack, this time targeting the Irys co-founder. They used a spear-phishing email campaign…

Leave a Reply

Your email address will not be published. Required fields are marked *

Filed under: News - @ October 23, 2024 10:19 pm