Chinese trader laundered more than $17M for Lazarus Group in 25 hacks

A Chinese trader has allegedly laundered over $17 million worth of cryptocurrency for the North Korean Lazarus Group since 2022.

A China-based over-the-counter (OTC) trader has allegedly laundered tens of millions of dollars worth of stolen crypto for the infamous North Korean Lazarus Group, the hackers behind some of the biggest cryptocurrency hacks.

Chinese OTC trader Yicong Wang has been converting stolen cryptocurrencies to cash on behalf of the Lazarus Group through bank transfers since 2022, according to popular onchain analyst ZachXBT.

The trader was revealed by one of ZachXBT’s followers who had his account frozen after completing a peer-to-peer transaction with Wang, wrote ZachXBT in an Oct. 23 X post:

“Recently they reached back out after having been approached by Yicong Wang for a larger USDT -> CNY order on August 13, 2024, involving ~$1.5M USDT at a rate much lower than the market rate.”

Source: ZachXBT

One of the addresses associated with Wang, wallet “0x501,” consolidated over $17 million worth of cryptocurrency connected to over 25 Lazarus Group hacks before Tether froze $374,000 USDt (USDT) held by the wallet in November 2023, the onchain investigator added.

Wang OTC trader fund flows. Source: ZachXBT/X

The infamous Lazarus Group, a cybercrime group connected to the North Korean government, is credited with some of the biggest-ever crypto hacks, including the $600-million Ronin bridge exploit.

Lazarus Group turns to social engineering crypto schemes — FBI warning

At the beginning of September, the United States Federal Bureau of Investigation (FBI) issued a warning about Lazarus Group turning to social engineering schemes.

In a Sept. 3 notice, the FBI said North Korean malicious cyber actors were targeting workers at decentralized finance (DeFi) and cryptocurrency companies to steal funds through “complex and elaborate” social engineering campaigns.

Specifically, the federal agency warned that the scammers had researched firms associated with cryptocurrency-tied exchange-traded funds (ETFs).

Cyvers’ Michael Pearl, interview with Cointelegraph’s Zoltan Vardai, clip 1. Source: Cointelegraph

The US spot Bitcoin (BTC) ETFs could be the next major target for the Lazarus Group because they present such a sizable bounty, according to Michael Pearl, vice president of GTM strategy at onchain security company Cyvers.

Pearl told Cointelegraph in an exclusive interview:

“Only recently the FBI has issued a warning that North Korean hackers are going to try to infiltrate and steal money from ETFs. So, all those ETFs […] are storing the base Bitcoin somewhere. And you can be certain that somebody is already planning and thinking of how they’re going to steal it.”

Is Lazarus Group trying to hack Cosmos?

Adding to the potential targets, the North Korean group could be targeting the Cosmos ecosystem next.

As Cointelegraph reported, part of Cosmos’ Liquid Staking Module (LSM) may have been built by North Korean developers.

Cosmos was previously unaware of the North Korean contribution, which raises alarming concerns for the ecosystem, according to Melody Chan, research lead at Redecentralise, a nonprofit advocating the sustainable development of decentralized finance (DeFi).

Chan told Cointelegraph:

“The big fear is that these developers might add vulnerabilities, like backdoors or ways to hack the system. With the current issues in the LSM and the FBI’s warnings, it’s clear that thorough code audits are urgently needed.”

Lazarus is among the most notorious groups of crypto hackers, first emerging in 2009 and stealing over $3 billion in crypto assets in the six years leading up to 2023.
