Cambodian Payments Firm Receives Stolen Crypto Linked to North Korean Hackers

A major Cambodian payments firm, Huione Pay, has reportedly received over $150,000 in cryptocurrency from a digital wallet linked to the notorious North Korean hacking group Lazarus. This revelation offers a rare glimpse into how the criminal collective has been laundering funds in Southeast Asia.

According to blockchain data reviewed by Reuters, the crypto was transferred to Huione Pay between June 2023 and February this year. The funds originated from an anonymous digital wallet that blockchain analysts have connected to Lazarus hackers. The hackers allegedly stole the funds through phishing attacks targeting three crypto companies in June and July last year.

The FBI stated in August 2023 that Lazarus had plundered approximately $160 million from Estonia-based Atomic Wallet, CoinsPaid, and Alphapo, which is registered in Saint Vincent and the Grenadines. These heists are part of a series of cybercrimes by Lazarus that the United States claims are funding North Korea’s weapons programs.

Cryptocurrency allows North Korea to bypass international sanctions, facilitating payments for banned goods and services, as noted by the Royal United Services Institute, a London-based defense and security think tank. Blockchain analysis firm TRM Labs identified Huione Pay as one of several payment platforms and over-the-counter (OTC) brokers that received a significant portion of the stolen crypto from the Atomic Wallet hack.

To obscure their tracks, the hackers reportedly converted the stolen cryptocurrency into various digital assets, including tether (USDT), a stablecoin pegged to the U.S. dollar. These transactions were executed on the Tron blockchain, favored for its speed and low transaction costs.

Huione Pay, based in Phnom Penh and offering currency exchange, payments, and remittance services, stated that it was unaware it had received funds linked to the hacks. The company’s board explained that the wallet involved was not under its management, and the multiple transactions between the source of the hack and their wallet complicated detection.

“Huione Pay did not knowingly receive funds indirectly from the hacks,” the company stated, attributing the oversight to the complex transaction chain.

Despite Huione Pay’s claims, crypto security experts argue that blockchain analysis tools can help identify high-risk wallets and prevent interactions with them. Such tools could have potentially flagged the suspicious transactions.

Huione Pay’s three directors include Hun To, a cousin of Prime Minister Hun Manet. The company emphasized that Hun To’s role does not involve daily operational oversight.

While cryptocurrency transactions are anonymous and operate outside conventional banking systems, they are traceable on the blockchain. This public ledger records all transactions, detailing the amount of crypto sent from wallet to wallet and the timing of these transactions.

The involvement of Huione Pay in receiving funds tied to North Korean hackers highlights the challenges and complexities of regulating cryptocurrency transactions. As digital assets continue to gain prominence, the need for robust compliance measures and advanced monitoring tools becomes increasingly crucial to prevent illicit activities and ensure financial integrity.

Emma Dietz
Digital Assets Desk