Stolen crypto from North Korean hackers linked to Asian payment firm

Cambodian payments firm received crypto worth over $150,000 from a digital wallet used by North Korean hackers


REUTERS July 15, 2024

LONDON: A major Cambodian payments firm received crypto worth over $150,000 from a digital wallet used by North Korean hacking outfit Lazarus, blockchain data shows, a glimpse of how the criminal collective has laundered funds in Southeast Asia.

Huione Pay, which is based in Phnom Penh and offers currency exchange, payments and remittance services, received the crypto between June 2023 and February this year, according to the previously unreported blockchain data reviewed by Reuters.

The crypto was sent to Huione Pay from an anonymous digital wallet that, according to two blockchain analysts, was used by Lazarus hackers to deposit funds stolen from three crypto companies in June and July last year, mostly via phishing attacks.

The FBI said in August 2023 that Lazarus plundered about $160 million from the crypto firms: Estonia-based Atomic Wallet and CoinsPaid; and Alphapo, registered in Saint Vincent and the Grenadines. The agency didn't disclose specifics. They were the latest in a series of heists by Lazarus that the United States has said is funding Pyongyang's weapons programmes.

Cryptocurrency allows North Korea to circumvent international sanctions, the United Nations has said. That may in turn help it to pay for banned goods and services, according to the Royal United Services Institute, a London-based defence and security think tank.

Huione Pay's board said in a statement the company had not known it "received funds indirectly" from the hacks and cited the multiple transactions between its wallet and the source of the hack as the reason it was unaware. The wallet that sent the funds was not under its management, Huione said.

Third parties cannot control transactions to and from wallets that aren't under their management. However, blockchain analysis tools enable companies to identify high-risk wallets, and to seek to prevent interaction with them, crypto security experts say.

Huione Pay - whose three directors include Hun To, a cousin of Prime Minister Hun Manet - declined to specify why it had received funds from the wallet or to provide details of its compliance policies. The company said Hun To's directorship does not include day-to-day oversight of its operations.

Reuters was unable to reach Hun for comment. The news agency has no evidence that Hun To or Cambodia's ruling family had any knowledge of the crypto transactions.

The National Bank of Cambodia (NBC) said in a statement to Reuters that payments firms such as Huione weren't allowed to deal or trade any cryptocurrencies and digital assets. In 2018, it said the ban sought to avoid investment losses due to crypto's volatility, cybercrime and the anonymity of the technology "which may cause risks of money laundering and financing of terrorism."

The NBC told Reuters it "would not hesitate to impose any corrective measures" against Huione, without saying if such action was planned. The North Korean mission to the United Nations in New York did not respond to a request for comment. A person at its mission to the United Nations in Geneva told Reuters in January that previous reporting on Lazarus was "all speculation and misinformation."

Atomic Wallet and Alphapo didn't respond to requests for comment. CoinsPaid told Reuters that its own data showed crypto stolen from it worth $3,700 reached the Huione Pay wallet.

While cryptocurrency is anonymous and flows outside the conventional banking system, its movements are traceable on the blockchain - a public, immutable ledger that records the amount of crypto sent from wallet to wallet, and when the transactions occurred.

US blockchain analysis firm TRM Labs told Reuters in a statement that Huione Pay was one of a number of payment platforms and over-the-counter (OTC) brokers that received a majority of the crypto stolen in the Atomic Wallet hack. Brokers connect buyers and sellers of crypto, offering traders a greater degree of privacy than crypto exchanges.

In its statement, TRM also said that the hackers, to hide their tracks, had converted the stolen crypto via a complex laundering operation into different cryptocurrencies, including tether (USDT) - a so-called ‘stablecoin’ that retains a steady value in dollars. For tether transactions, they used the Tron blockchain, a fast-growing register that is popular for its speed and low cost, TRM added.

"This majority of funds were converted to USDT on the Tron blockchain, and appeared to be sent to exchanges, services, and OTC - one of which, was Huione Pay," TRM Labs told Reuters, referring to the actions of the hackers. It did not provide further details.

A spokesperson for the British Virgin Islands-registered Tron said: "Tron condemns the abuse of blockchain technologies and is dedicated to combating these, and other malicious actors, in all forms, and wherever they may be found." The spokesperson did not comment directly on the Atomic Wallet hack.

Estonia's investigation into the 2023 hacks of Atomic Wallet and CoinsPaid remains open, said Ago Ambur, the head of Estonia's cybercrime bureau. Cybercrime police in Saint Vincent and the Grenadines did not respond to requests for comment on the Alphapo hack.

Red flag

US blockchain analysis firm Merkle Science, which counts as clients law enforcement agencies in the United States and Britain and has previously examined Lazarus heists, examined the movement of coin from the 2023 hacks for Reuters.

Its CEO, Mriganka Pattnaik, said tracing funds from the Lazarus attacks was difficult due to the complex methods used to conceal the money trail.

Merkle Science said its investigation showed that there were three "hops" – or transfers – from the Atomic Wallet hackers to the anonymous wallet that later transferred funds to Huione. Transfers between multiple crypto wallets are typically a red flag for organisations seeking to launder funds, financial crime experts and blockchain analysts say.

Between June and September 2023, the Lazarus hacker who targeted Atomic Wallet sent tether worth around $87,000 to the anonymous wallet, according to the data uncovered by Merkle Science. The wallet also received tether worth around $15,000 stolen from CoinsPaid and Alphapo, Merkle Science said.

In January, the United Nations said Lazarus had shared money-laundering networks with criminals in Southeast Asia, without naming any platforms involved.

Jeremy Douglas, the UN Office of Drugs and Crime's former regional director for Southeast Asia, said the region was awash with unregulated crypto service providers and online casinos acting as "underground banks." He did not comment on Huione.

Groups such as Lazarus strive to stay ahead of law enforcement, he added, with technology and infrastructure that has spread across Southeast Asia now a critical part of their ability to do so.

"Southeast Asia has in many ways become the global ground zero, the primary testing ground, for high-tech money laundering and cybercrime operations," he said.

The G7's illicit finance body, the Financial Action Task Force (FATF), last year removed Cambodia from its "grey list" of countries with flawed anti-money laundering policies, citing improvements to its regime.

However, a FATF spokesperson referred Reuters to a 2021 report that highlighted "major gaps" in Cambodia's illicit finance rules for crypto firms, adding that the assessment still stood.

Cambodia’s central bank said it was drafting regulations to identify and punish use of crypto for illegal activities including fraud, money laundering and cybersecurity threats.
