North Korean hackers funneled stolen crypto to Asian payment firm

According to blockchain data, a major Cambodian payments firm, Huione Pay, received over $150,000 in cryptocurrency from a digital wallet linked to the North Korean hacking group Lazarus. The funds were sent between June 2023 and February this year from an anonymous wallet used by Lazarus to launder money stolen from three crypto companies through phishing attacks. The FBI reported that Lazarus stole around $160 million from Atomic Wallet, CoinsPaid, and Alphapo last year to fund North Korea’s weapons programs.

Huione Pay, based in Phnom Penh, stated it was unaware of receiving funds indirectly from the hacks and cited multiple transactions between its wallet and the source as the reason. The company declined to explain why it had received the funds or provide details on its compliance policies. Despite blockchain tools allowing companies to identify high-risk wallets, Huione Pay claimed it had no control over the anonymous wallet’s transactions.

The National Bank of Cambodia (NBC) prohibits payment firms like Huione Pay from dealing with cryptocurrencies due to risks like money laundering and financing terrorism. The NBC indicated it might take corrective measures against Huione Pay. Meanwhile, US blockchain analysis firms reported that Huione Pay was among several platforms receiving stolen crypto, which was converted into different currencies, including tether (USDT), to obscure the money trail. Southeast Asia has become a hotspot for high-tech money laundering and cybercrime operations, highlighting the need for stronger regulatory measures.