Chinese businessman nets more than $17 million for Alazarus group in 25 hacks
A China-based OTC trader has stolen tens of millions of dollars worth of crypto for hackers from North Korea's Lazarus Group, the group behind some of the biggest cryptocurrency hacks.
Chinese OTC trader Yikong Wang has been cashing stolen cryptocurrencies since 2022 and making bank transfers on behalf of the Lazarus Group, according to prominent OnChain analyst ZackXBT.
The trader was revealed by one of ZachXBT's followers to have his account suspended after completing a peer-to-peer transaction with Wang, ZachXBT wrote in an October 23 X post:
“Recently Yicong Wang's large USDT -> CNY order on August 13, 2024, involving ~$1.5M USDT, came back after it was offered at a much lower market price.”
One of the addresses linked to Wang, the wallet “0x501” had more than $17 million worth of cryptocurrency, linked to more than 25 Lazarus group hacks, Tether before the November 2023 wallet seizure of 374,000 USDt (USDT), the onchain investigator added.
The Lazarus group, a cybercriminal group linked to the North Korean government, has been credited with major crypto hacks, including the $600 million Ronin Bridge exploit.
Related: Lazar Group Raises Over $200M in Hacked Crypto Since 2020
Lazar Group has turned to social engineering crypto schemes – FBI warning
At the beginning of September, the United States Federal Bureau of Investigation (FBI) issued a warning about the Lazar Group turning to social engineering schemes.
In a Sept. 3 announcement, the FBI said North Korean malicious cyber actors were targeting employees at decentralized finance (DeFi) and cryptocurrency companies using “sophisticated and elaborate” social engineering campaigns to steal funds.
In particular, the federal agency warned that the fraudsters targeted companies linked to cryptocurrency-linked exchange-traded funds (ETFs).
Michael Perl of Syvers, Interview with Zoltan Vardai of Cointelegraph, Clip 1. Source: Cointelegraph
US spot Bitcoin (BTC) ETFs could be Alazarus Group's next major target by offering such a large bonus, said Michael Pearl, vice president of strategy at Onchain security firm GTM.
Pearl told Cointelegraph in an exclusive interview:
“Recently, the FBI issued a warning that North Korean hackers are trying to infiltrate and steal funds from the EFF. So, all those ETFs […] They are storing the base Bitcoin somewhere. And you can be sure that someone is thinking and thinking about how to steal it.
Related: Top 100 DeFi Hacks: Offchain Attack Vectors Cover 57% of Losses
Is Team Lazarus trying to hijack Cosmos?
In addition to the potential targets, the North Korean group may also target the cosmos ecosystem next.
According to Cointelegraph, a component of Cosmos' Liquid Staking Module (LSM) may have been developed by North Korean developers.
Despite North Korea's previous contributions to the cosmos, it poses a serious threat to the ecosystem, according to Melody Chan, research leader at Redecentralize – a nonprofit organization that supports decentralized finance (DeFi) sustainable development.
Chan told Cointelegraph:
The biggest risk is that these developers add vulnerabilities such as backdoors or ways to hack the system. In L.S.M. And with the current issues of FBI warnings, it's clear that a thorough code audit is urgently needed.
Lazarus From those that first appeared in 2009 and The group of crypto hackers who stole more than $3 billion in the six years to 2023 is one of the most famous.
Magazine: Lazarus Group's Favorite Exploit Revealed – Crypto Hacks Analysis