In a recent shocking revelation, a Chinese OTC trader has been accused of helping the Lazarus Group, a North Korean crypto hacker group, cash out money stolen from multiple hacks.
ZachXBT, a blockchain sleuth, recently shared a post on X where he detailed his investigation and on-chain analysis linking a person named Yicong Wang (王逸聪) to these activities. In his investigation, ZachXBT reveals Wang’s connection to numerous transactions tied to a bizarre hack performed by the Lazarus Group, in which millions of dollars were drained from various crypto platforms. These hacks involve EasyFi, Bondly, the Maverick co-founder, and others.
Meet the Master of Deception: Yicong Wang
Learning about Blockchain can be challenging, especially for those unfamiliar with the space. So, here’s a creative piece that makes it fun and easy to read without getting boring or confusing.
Before diving into the story of digital loot, let me introduce you to the heroes and villains of this tale. ZachXBT is our hero, solving the mystery and tracking down a person who helped hackers cash out millions of dollars. On the other hand, Yicong Wang is the villain roaming free in the shadows, secretly helping the Lazarus Group while staying hidden.
Alright, let’s begin this story with a bang!
1. Let’s uncover something, yet nothing, about Yicong Wang (王逸聪)
Yicong Wang, the main villain of our story, is a Chinese OTC trader. Think of him as the middleman or a dealer who helps convert stolen cryptocurrency funds into hard cash. Wang has been linked to the infamous Lazarus Group, a North Korean hacking group that has looted tens of millions of dollars from people all over the internet since 2022.
2. Trouble for Innocent Traders & Hero’s Entry
A few months back, an innocent crypto trader, “Sam”, experienced something strange. His exchange account was frozen right after he made a simple P2P (peer-to-peer) transaction with Wang. Sam was unaware that he had unknowingly dealt with a criminal.
To deceive people like Sam, Wang used fake names like Seawang, Greatdtrader, and BestRhea977 to hide his true identity.
Here’s where our hero, ZachXBT, comes into play. Sam shared one of Wang’s crypto wallet addresses with ZachXBT. The wallet opened the door to a pile of evidence. One address, THsSCBGazjjho7u2BQQsmrpbDv1Q237FL4, was like a fingerprint connecting Wang to some dirty dealings.
3. A Deal Too Good to Be True
Fast forward to August 2024, when Wang offered Sam a tempting deal to trade 1.5 million USDT, a widely known stablecoin pegged to the USD, for Chinese Yuan at a bargain price. Surprisingly, this offer was far below the market rate. Suspicious much? Here’s the wallet address tied to the shady deal: THjaAygUNkzoXufwEoKCzbUZHpsehL9rAZ.
4. The Stolen Crypto Trail
But here Wang made his first mistake, one that would expose him in front of the entire cryptoverse.
While digging into Wang’s past, investigators found something big and shady. His address was linked to a bunch of cyberattacks and has a “high illicit fund exposure from the Alex Labs, Irys co-founder, and a consolidation of other hacks (EasyFi, Bondly, Maverick co-founder, etc)”.
Millions of dollars stolen from different platforms like Alex Labs and Irys were passing through his wallets. It is like watching money move from place to place, leaving a trail that only a sharp eye can track.
5. A $17 Million Loot
Wang’s wallet had over $17 million from more than 25 Lazarus Group hacks. But here is a plot twist: Tether blacklisted one of his wallets, freezing $374,000 USDT in November 2023.
In December 2023, $45K was moved to the Tron network and sent to several addresses linked to Yicong. ZachXBT’s investigation says, “Within days after the deposits 13 X 100 ETH was withdrawn and consolidated at 0x81a”.
Wang quickly moved the rest of the stolen funds through Tornado Cash, a tool that shuffles transactions to make them harder to trace. But our hero is very smart, so it wasn’t a problem for him.
To read more about how Lazarus Group laundered $200M from 25+ crypto hacks to fiat from 2020 – 2023, read this thread.
6. The Alex Labs Heist
In May 2024, Alex Labs was hacked for $4.5 million. On June 16, 2024, one of the hacker’s wallets deposited 470 ETH into a privacy protocol. It is like hiding gold in a secret vault. The next day, the same amount (470 ETH) was withdrawn and split between two new addresses, one of which is 0x9fc1350f80734044b7189fe7b8f288396f76feb5.
The hacker did not stop there. More stolen ETH was moved around in late June and August, which eventually landed in wallets linked to Wang! Isn’t he always a few steps ahead and great at moving fast?
7. Irys Co-Founder Gets Scammed
In July 2024, the co-founder of Irys became the next victim of the Lazarus Group. A sneaky email phishing attack led to $1.3 million in stolen funds. By analyzing the transactions, detectives found that these stolen cryptocurrencies were mixed with the Alex Labs hack, linking the crimes together.
8. Blacklisted Wallets
In August 2024, another wallet connected to Wang was blacklisted by Tether. Almost $950K was frozen, but not before Wang moved 746K USDT through another shady address: THjaAygUNkzoXufwEoKCzbUZHpsehL9rAZ.
Climax: THE END For Yicong Wang
Wang’s tricks have not gone unnoticed. He’s been banned from major platforms like Paxful and Noones for using fake identities. Yet, he is still operating under the radar, avoiding authorities and laundering money for a dangerous hacker group like Lazarus Group.
For now, Yicong Wang remains out of reach. However, with investigators closing in, it might just be a matter of time before he is caught digitally as he has already been exposed in front of the crypto community.