A large Cambodian payments company received more than $150,000 worth of stolen crypto. The assets were sent from a digital wallet by a hacking organization from North Korea named Lazarus. However, blockchain data partly shows how this laundering of funds happened. Huione Pay, a company based in Phnom Penh that handles currency exchanges and payments, received the mentioned crypto between June 2023 and February 2024. The crypto originated from an anonymous digital wallet that Lazarus used to deposit funds stolen from three companies in June and July. The main weapon was phishing attacks.
Unfortunately, frauds related to crypto happen often due to laws and regulations not being properly instated yet. Of course, there are many advantages to cryptocurrencies and crypto payments. The benefits are recognized by many industries that implement crypto payment systems. Some of the most popular industries in that area include e-commerce, technology, and gambling. Ever since online casinos accepted crypto payments and took measures regarding the privacy of customers, their business has been booming. These casinos without KYC guarantee user anonymity which attracts users all over the world. The Know Your Customer (KYC) principle is used as a safety measure, but at the same time, it represents a breach of user privacy which is why people are becoming more against it. There are now ways to secure payments without KYC and that is probably going to be the future.
Decentralization may be the biggest advantage of crypto, i.e., the currency does not depend on one single source such as the government. They enable privacy, fast transactions, and higher security and they are also resistant to inflation due to the way they were designed. For instance, Bitcoin has a maximum supply of 21 million coins, therefore preventing devaluation that can happen with traditional fiat currencies.
Information from August 2023 obtained from the FBI states that Lazarus stole about $160 million from the following crypto companies: Atomic Wallet, CoinsPad, and Alphapo. Details of this investigation were not disclosed. However, according to Reuters, the heists of Lazarus are funding Pyongyang’s weapons programs, the USA claims. They also state that North Korea uses cryptocurrency to avoid international sanctions.
On the other hand, Huione Pay’s board of directors states they had no prior knowledge that the funds were received indirectly from the hacks. They add that one of the reasons for that is that the funds came in multiple transactions so it was more difficult to track. They also claim the wallet in question was not run by them. This adds up to the story since third parties are not in control of transactions to and from wallets that are not under the management of the board. However, some tools enable blockchain analysis of transactions and help companies identify wallets that potentially represent a high risk.
Huione Pay omitted the details of their receival of money from the aforementioned wallet, as well as their compliance policies. They also state that the leadership in their company does not include daily oversight of their operations.
According to the National Bank of Cambodia, payment companies like Huione Pay are not allowed to make trades with any cryptocurrencies or digital assets. The reason this ban was instated was the risk of cybercrime, investment loss, and generally the volatility of cryptocurrencies. Moreover, the anonymity of crypto is also a potential risk of laundering money and terrorism financing.
It is still unclear whether the punishment will be imposed on Huione Pay regarding this issue. The NBC informed Reuters that they would be prepared to invoke certain corrective measures against Huione Pay, however, no concrete claims or actions happened so far.