North Korean hackers sent stolen crypto to wallet used by Asian payment firm
Wednesday, 17 July 2024
LONDON, July 16 (Reuters): A major Cambodian payments firm received crypto worth over $150,000 from a digital wallet used by North Korean hacking outfit Lazarus, blockchain data shows, a glimpse of how the criminal collective has laundered funds in Southeast Asia.
Huione Pay, which is based in Phnom Penh and offers currency exchange, payments and remittance services, received the crypto between June 2023 and February this year, according to the previously unreported blockchain data reviewed by Reuters.
The crypto was sent to Huione Pay from an anonymous digital wallet that, according to two blockchain analysts, was used by Lazarus hackers to deposit funds stolen from three crypto companies in June and July last year, mostly via phishing attacks.
The FBI said in August 2023, opens new tab that Lazarus plundered about $160 million from the crypto firms: Estonia-based Atomic Wallet and CoinsPaid; and Alphapo, registered in Saint Vincent and the Grenadines. The agency didn't disclose specifics. They were the latest in a series of heists by Lazarus that the United States has said is funding Pyongyang's weapons programmes.
Cryptocurrency allows North Korea to circumvent international sanctions, the United Nations has said. That may in turn help it to pay for banned goods and services, according to the Royal United Services Institute, a London-based defence and security think tank.
Huione Pay's board said in a statement the company had not known it "received funds indirectly" from the hacks and cited the multiple transactions between its wallet and the source of the hack as the reason it was unaware. The wallet that sent the funds was not under its management, Huione said.
Third parties cannot control transactions to and from wallets that aren't under their management. However, blockchain analysis tools enable companies to identify high-risk wallets, and to seek to prevent interaction with them, crypto security experts say. Huione Pay - whose three directors include Hun To, a cousin of Prime Minister Hun Manet - declined to specify why it had received funds from the wallet or to provide details of its compliance policies. The company said Hun To's directorship does not include day-to-day oversight of its operations.
Reuters was unable to reach Hun for comment. The news agency has no evidence that Hun To or Cambodia's ruling family had any knowledge of the crypto transactions.
The National Bank of Cambodia (NBC) said in a statement to Reuters that payments firms such as Huione weren't allowed to deal or trade any cryptocurrencies and digital assets. In 2018, it said the ban sought to avoid investment losses due to crypto's volatility, cybercrime and the anonymity of the technology "which may cause risks of money laundering and financing of terrorism."