A Cambodian payments firm, Huione Pay, received over $150,000 in cryptocurrency from wallets associated with North Korea’s Lazarus Group. The crypto originated from hacks on three companies: Atomic Wallet, CoinsPaid, and Alphapo. Blockchain analysts identified the wallet as a conduit for Lazarus to funnel the stolen funds from phishing attacks in 2023.
Southeast Asia’s Vulnerabilities in Crypto Laundering
Lazarus’s use of Southeast Asian platforms to launder stolen cryptocurrency highlights the region’s gaps in anti-money laundering (AML) infrastructure. The UN has previously warned that crypto allows North Korea to bypass sanctions, often funding restricted state activities. Crypto transactions, while traceable on public ledgers, present challenges for countries lacking stringent regulations.
Also read: Hacker Steals $20M Crypto From US Government Wallet
Huione Pay’s Response and Cambodian Regulations
Huione Pay claims it was unaware of the funds’ origins due to multiple third-party transfers. Cambodian law currently prohibits payment firms from engaging in cryptocurrency transactions due to AML and cybersecurity concerns. While Huione has three directors, including Hun To, cousin to Prime Minister Hun Manet, the board stated that Hun’s position does not include day-to-day oversight.
Complex Laundering Techniques
Analysts reveal that Lazarus used advanced methods, including multiple wallet transfers and cryptocurrency conversions, to obscure the funds’ origins. The hackers converted assets into stablecoins on the Tron blockchain, a fast, cost-efficient ledger that reportedly facilitates covert crypto transfers. TRM Labs and Merkle Science traced the funds through multiple “hops” from hacked wallets, including a significant portion converted to the stablecoin Tether (USDT) for anonymity.
Growing International Scrutiny on Crypto Laundering
International bodies like the Financial Action Task Force (FATF) have flagged gaps in AML measures for crypto in Southeast Asia. The National Bank of Cambodia (NBC) has responded with plans to develop tighter regulations for crypto-related activities. The agency stated it would take corrective action if Huione Pay violated crypto restrictions, indicating heightened scrutiny on digital currency use.
Lazarus’s Network in Southeast Asia
Blockchain analysis firms have noted that Lazarus and other hacking groups have exploited Southeast Asia’s financial networks to stay ahead of enforcement efforts. The UN Office on Drugs and Crime points to the region as a critical location for high-tech money laundering, involving unregulated crypto services and underground banking.
Also read: John Deaton Criticizes SEC’s “Exorcist-Level” Crypto Regulation
