ZachXBT, a blockchain investigator, identified Yicong Wang, a Chinese over-the-counter (OTC) crypto trader, as a central figure in laundering stolen cryptocurrency for North Korea’s Lazarus Group since 2022. Wang’s involvement reveals the increasing reliance of state-sponsored entities like Lazarus on private actors for laundering digital assets.
Lazarus, a North Korean state-sponsored cybercriminal organization also known as APT38 or Bluenoroff, has targeted decentralized finance (DeFi) protocols, bridges, and exchanges since 2020, orchestrating over 25 hacks and stealing over $200 million in assets. These funds were channeled through mixers like Tornado Cash and converted to fiat using P2P platforms like Noones and Paxful, with Wang operating under aliases such as “Seawang” and “Greatdtrader.” Efforts to recover funds led to partial seizures, including $374,000 in USDT and $3.4 million in stablecoins in 2023, but regulatory enforcement remains challenging due to the decentralized nature of DeFi and P2P networks.
The exposure of Wang’s role illustrates North Korea’s evolving tactics in crypto-related financial crimes, focusing on blending stolen digital assets into the global financial system with the help of intermediaries. Blockchain analytics firms estimate that North Korea has stolen $3 billion to $4.1 billion worth of cryptocurrencies since 2017, making crypto theft a significant revenue stream for the regime. Despite regulatory and enforcement efforts, North Korea is expected to persist in targeting digital assets, with OTC traders like Wang continuing to undermine anti-money laundering (AML) frameworks. Disrupting these activities will likely require enhanced blockchain monitoring, stricter regulations, and international collaboration.
The investigation lacks detailed information about other intermediaries facilitating these transactions, representing a significant intelligence gap. Addressing this gap through stronger KYC (Know Your Customer) measures in P2P networks and increased international collaboration could improve identification and tracking of illicit actors.
The three critical pieces of evidence in this investigation are:
1. Identity of Yicong Wang: ZachXBT’s identification of Wang as a key facilitator, using aliases to evade detection, provides a clear link between North Korea’s Lazarus Group and the global financial network.
   Details: Wang’s operations leveraged China’s OTC networks, highlighting the strategic use of intermediaries to obscure transaction origins.
2. $200 Million Laundered: The confirmation that over $200 million was laundered through mixers and P2P platforms from 2020 to 2023 establishes the scale of Lazarus’s operations.
   Details: This amount ties directly to over 25 major crypto hacks, indicating a sustained and organized effort by Lazarus to exploit vulnerabilities in the crypto sector.
3. Partial Recovery of Funds: The seizure of $374,000 in USDT and $3.4 million in stablecoins in 2023 demonstrates partial success in enforcement, but also the inherent difficulties in recovering laundered digital assets.
   Details: These figures underscore both the capabilities and limitations of current regulatory measures in combating decentralized financial crime.
Overall, the outlook suggests continued efforts by North Korea to exploit crypto networks, posing significant challenges to global financial security. The focus should be on developing more rigorous intelligence and collaboration to effectively counter these tactics.
