Cambodian company supporting crypto scams linked to suspected $305m Lazarus Group hack
It isn’t just the suspected proceeds from crypto scams that are flowing through a Cambodian conglomerate with ties to the family of the Asian nation’s prime minister.
This month, more than $35 million from the recent $305 million hack of DMM Bitcoin, a Japanese cryptocurrency exchange, has been sent through Huione Guarantee, a Cambodian firm, according to a post by on-chain sleuth ZachXBT.
DMM Bitcoin was hacked on May 31. North Korea’s Lazarus Group may be behind the hack due to “similarities in laundering techniques and off chain indicators,” ZachXBT added.
Systematic laundering process
The attack bore “the hallmarks of a prototypical [North Korean] hack”, said Ari Redbord, the global head of policy at TRM Labs, a blockchain intelligence company.
The heist included the large amount of money stolen and the highly systematic laundering process, Redbord said in an email sent to DL News.
There were some innovations.
“The mixer they are now using is not one we have seen them typically use in the past,” Redbord said. “This change has probably been driven by the recent spate of sanctions, criminal cases, and voluntary shutdowns which have roiled the mixer industry in the past several months.”
Huione Guarantee is a service run by Huione Pay, a Cambodian company. Hun To, the cousin of current Cambodian prime minister Hun Manet, is a company director, according to corporate filings.
Huione Guarantee is a payments system that acts as an escrow or guarantor for transactions that take place on its site.
According to a review of its site, Huione Guarantee’s network includes thousands of groups on Telegram where merchants offer services such as money laundering, the creation of scam websites and equipment for scam compounds — including electric batons and shackles.
Illicit marketplace
On-chain analysis by Elliptic shows $11 billion has passed through Huioine Guarantee’s wallets. Its researchers said there are “very strong indications” that the majority of payments stem from illicit activity.
In a report published last week, the blockchain analytics firm said that its analysis of Huione Guarantee provided “overwhelming evidence” that its predominant role is to act as an illicit marketplace.
Last week, Tether froze $30 million in USDT on Tron addresses linked to Huione Guarantee, according to Bitrace.
ZachXBT traced the DMM Bitcoin funds through a mixer before they were bridged from Bitcoin to other chains, swapped for USDT and bridged to Tron and then transferred to Huione Guarantee.
Callan Quinn, DL News’ Hong Kong correspondent, covers the crypto industry in Asia. Have a tip? Contact the author at [email protected].
