Cambodian payments company received crypto worth over US$150,000 from a digital wallet employed by North Korean hacking group Lazarus, blockchain data shows, a glimpse of how the criminal outfit has laundered funds in Southeast Asia.
Huione Pay, based in Phnom Penh and offers currency exchange, payments and remittance services, received the crypto between June 2023 and February this year, according to the previously unreported blockchain data reviewed by Reuters.
The crypto was transferred to Huione Pay from an anonymous digital wallet that, according to blockchain experts, was used by a hacking outfit to deposit funds stolen from three crypto firms in June and July 2023.
The United States' Federal Bureau of Investigation said in August last year that Lazarus stole US$160 million from the crypto firms: Estonia-based Atomic Wallet and CoinsPaid; and Alphapo, registered in Saint Vincent and the Grenadines.
They were the latest in a series of heists by Lazarus that the US said was funding Pyongyang's weapons programmes.
Cryptocurrency allows North Korea to circumvent international sanctions, the United Nations has said.
The crypto might have assisted the regime pay for banned goods and services, according to the Royal United Services Institute, a London-based defence and security think tank.
Huione Pay's board said the company had not known it "received funds indirectly" from the hacks and cited the multiple transactions between its wallet and the source of the hack as the reason it was unaware.
Rhe wallet that sent the funds was not under its management, Huione added.
Huione Pay — whose three directors include Hun To, a cousin of Prime Minister Hun Manet — refused to elaborate why it had received funds from the wallet or provide details of its compliance policies.
The firm stated Hun To's directorship does not include day-to-day oversight of its operations.
The National Bank of Cambodia (NBC) said payments companies such as Huione weren't allowed to deal or trade in any cryptocurrencies and digital assets.
US blockchain analysis firm TRM Labs told Reuters that Huione Pay was one of a number of payment platforms and over-the-counter brokers that received a majority of the crypto stolen in the Atomic Wallet hack.
Brokers connect buyers and sellers of crypto, offering traders a greater degree of privacy than crypto exchanges.
TRM also said the attackers conceal their tracks by converting the stolen crypto via a complex laundering operation into different cryptocurrencies, including tether (USDT) — a so-called "stablecoin" that retains a steady value in dollars.