Lazarus Hackers Launder Stolen Crypto in Southeast Asia


North Korean Hackers Send Stolen Crypto to Wallet Used by Asian Payment Firm

A recent investigation has revealed that a major Cambodian payment firm, Huione Pay, received over $150,000 in cryptocurrency from a digital wallet linked to the notorious North Korean hacking group Lazarus. This insight into the hackers' laundering activities showcases the challenges in tracking and preventing illicit cryptocurrency transactions in Southeast Asia.

Huione Pay's Involvement in Crypto Laundering

Huione Pay, based in Phnom Penh, provides currency exchange, payment, and remittance services. Between June 2023 and February 2024, the company received significant amounts of crypto from an anonymous wallet tied to Lazarus hackers. These funds were traced back to cyberattacks on three crypto companies, namely Atomic Wallet and CoinsPaid, both based in Estonia, and Alphapo, registered in Saint Vincent and the Grenadines. The attacks, primarily executed through phishing, resulted in the theft of around $160 million.

Implications for International Sanctions

The FBI reported that the stolen funds are likely being used to support North Korea's weapons programs, helping the regime circumvent international sanctions. Cryptocurrencies, due to their decentralized nature, offer a way for North Korea to pay for banned goods and services, as noted by the United Nations and the Royal United Services Institute, a defense and security think tank.

Huione Pay's Response and Regulatory Concerns

In a statement, Huione Pay's board said it had been unaware of the illicit origin of the funds, attributing this to the multiple transactions separating its wallet from the source. The board asserted that the wallet in question was not under its direct management. Despite this, experts suggest that companies can use blockchain analysis tools to identify and avoid high-risk wallets.

Huione Pay, which counts Hun To, a cousin of Prime Minister Hun Manet, among its directors, declined to elaborate on why it received funds from the suspicious wallet or to detail its compliance policies. The National Bank of Cambodia (NBC) reiterated that payment firms are prohibited from dealing in cryptocurrencies, citing risks like volatility, cybercrime, and money laundering. The NBC promised corrective measures against Huione, though specifics were not provided.

Lazarus Group's Sophisticated Money Laundering Tactics

To obscure their tracks, Lazarus hackers employed a complex laundering operation, converting stolen crypto into various forms, including tether (USDT), a stablecoin pegged to the dollar. These transactions were primarily conducted on the Tron blockchain, known for its speed and low transaction costs. TRM Labs, a U.S. blockchain analysis firm, highlighted that Huione Pay was one of several platforms receiving the majority of the stolen crypto from the Atomic Wallet hack.

Global Efforts to Combat Crypto Crime

In response to these revelations, various global and local entities have taken notice. Estonia is continuing its investigation into the 2023 hacks of Atomic Wallet and CoinsPaid, while the cybercrime police in Saint Vincent and the Grenadines have yet to comment on the Alphapo hack.

Blockchain analysis firms like Merkle Science, which collaborates with law enforcement agencies, have identified multiple transfers ("hops") from the hacked wallets to anonymous wallets, raising red flags for potential money laundering. Their CEO, Mriganka Pattnaik, emphasized the difficulty in tracing funds due to the sophisticated methods employed by Lazarus.

Regional Challenges and Regulatory Gaps

Southeast Asia, characterized by numerous unregulated crypto service providers and online casinos, has become a hotspot for high-tech money laundering and cybercrime operations. Jeremy Douglas, the former regional director for Southeast Asia at the UN Office on Drugs and Crime, highlighted the region's role as a critical testing ground for these illicit activities.

Despite the Financial Action Task Force (FATF) removing Cambodia from its "grey list" due to improved anti-money laundering measures, significant regulatory gaps remain. A 2021 report still highlights deficiencies in Cambodia's rules regarding crypto firms.

Future Directions and Regulatory Actions

Cambodia's central bank is drafting new regulations aimed at identifying and punishing the illegal use of cryptocurrencies, including fraud, money laundering, and cybersecurity threats. These efforts are crucial in combating the sophisticated laundering operations of groups like Lazarus and ensuring that the financial ecosystem remains secure.

As the world grapples with the evolving challenges posed by cryptocurrency crimes, cooperation between international bodies, regulatory authorities, and private companies will be essential in mitigating risks and ensuring the integrity of financial systems.