A Chinese OTC trader is accused of laundering more than $17 million in stolen cryptocurrency for the Lazarus Group, a hacker group believed to be linked to the North Korean government.
The cryptocurrency community is abuzz with allegations that a Chinese over-the-counter (OTC) trader laundered tens of millions of dollars in stolen cryptocurrency for the Lazarus Group, a notorious hacker group behind some of the world’s biggest cryptocurrency hacks. According to on-chain analyst ZachXBT, the trader, Yicong Wang, has been converting stolen cryptocurrency into cash for Lazarus through bank transactions since 2022.
ZachXBT said in an October 23 X post that Wang was exposed by a user whose account was frozen after making a peer-to-peer (P2P) trade with Wang. The user then contacted ZachXBT again when Wang offered to make a large transaction converting $1.5 million in USDT to Chinese yuan (CNY) on August 13, 2024, at a rate much lower than the market.
One of the wallet addresses associated with Wang, wallet “0x501,” consolidated more than $17 million worth of cryptocurrency linked to more than 25 attacks carried out by Lazarus. Tether froze 374,000 USDT in this wallet in November 2023, according to ZachXBT.
OTC trader Wang's money flow. Source: ZachXBT
Lazarus Group, a cybercrime group believed to be linked to the North Korean government, is known for being behind some of the biggest hacks in cryptocurrency history, including the Ronin Bridge attack that cost $600 million.
New threat from Lazarus Group
In early September 2024, the US Federal Bureau of Investigation (FBI) issued a warning about Lazarus Group's shift to social engineering-based fraud methods. According to the announcement on September 3, hackers from North Korea are targeting employees of decentralized finance (DeFi) and cryptocurrency companies, aiming to steal assets through complex fraud campaigns.
The FBI has specifically warned that scammers have been closely studying companies involved in cryptocurrency exchange-traded funds (ETFs). Michael Pearl, vice president of strategy at on-chain security firm Cyvers, said that US-based Bitcoin ETFs could be Lazarus Group’s next target due to their large asset potential. “The FBI has warned that North Korean hackers will try to break into and steal money from ETFs. These funds all hold the underlying Bitcoin and someone is definitely planning to attack them,” he said.
Additionally, Lazarus Group may be targeting the Cosmos ecosystem. According to a Cointelegraph report, part of Cosmos’ Liquid Staking Module (LSM) may have been built by North Korean developers. Melody Chan, chief researcher at the non-profit Redecentralise, warned that this raises concerns about the ecosystem’s vulnerability to exploitation. “The biggest concern is that these developers could add vulnerabilities or install backdoors to attack the system,” Chan said. “Given the current issues with LSM and the FBI warning, it’s clear that a code review is warranted.”