North Korean hackers' sophisticated money laundering techniques reveal the dark side of Web3

North Korea's hacker organization Lazarus Group is once again in the spotlight. The group laundered more than $150,000 worth of cryptocurrency through Cambodian payment company Huione Pay, Reuters reported, exposing its sophisticated methods of laundering money in Southeast Asia. According to data from a blockchain analytics company, the illicit funds flowed into Huione Pay between June 2023 and February 2024, with the company claiming to have no knowledge of the source of the funds.

Huione Pay provides currency exchange, payment and remittance services. The company’s board of directors includes Hun To, a cousin of Cambodia’s prime minister. The complexity of these transactions makes the source of funds difficult to trace. According to an FBI investigation, the Lazarus Group used phishing attacks to conduct these hacks and supported North Korea's weapons programs with cryptocurrency funds. The United Nations points out that North Korea uses cryptocurrencies to bypass international sanctions and conduct illegal transactions.

Although the National Bank of Cambodia (NBC) banned payment companies from handling cryptocurrencies, the incident showed the weakness of regulations. NBC said it would take corrective action against Huione Pay but did not specify what actions it would take.

North Korean hackers pose as job seekers and lurk in Web3 industry

Additionally, a report from DLNews states that job boards for cryptocurrency-related positions are being flooded with applications from North Korean hackers, with these imposters trying to infiltrate cryptocurrency companies in order to conduct malicious activities. About 4,000 North Koreans are assigned to infiltrate Western technology industries, bringing in about $600 million a year for North Korea, according to the U.N. Security Council.

Security researchers say these North Korean imposters can earn up to $60,000 a month through multiple roles and jobs, with much of the earnings taken by North Korean authorities. These hackers use various methods to impersonate job applicants, such as:

  • Refusing to turn on the video camera during the interview;

  • Using a blurred background;

  • Refusing to submit to a background check;

  • Providing suspicious address and biographical information.

Due to the trend towards anonymity and pseudonymity in the Web3 industry, the risk of failing to identify malicious job seekers is higher. While it's impossible to determine the true identity of every applicant, companies should strengthen their interview and due diligence processes to avoid being targeted by these hackers.

Tether Sanctions Action: Freeze Suspicious Wallets to Combat Illegal Activity

Over the weekend, Tether froze a wallet holding $29.6 million worth of the $USDT stablecoin that was linked to Huione Guarantee. The Cambodian marketplace platform is suspected of being linked to a multi-billion-dollar online fraud economy. According to an investigation by blockchain investigator ZachXBT, at least $14 million in frozen funds is related to the hacking attack on the Japanese cryptocurrency exchange DMM Bitcoin. The attack cost DMM Bitcoin approximately $300 million in early June.

Lazarus Group is suspected to be behind the DMM Bitcoin hack. ZachXBT details the flow of funds, from Bitcoin to Ethereum or Avalanche, to $USDT, and then to Huione via the Tron network.

Figure: Lazarus Group conducts money laundering operations through complex levels of classification. Source: ZachXBT

Huione Guarantee was identified by blockchain analytics firm Elliptic as a platform for advertising illegal services, including money laundering. Elliptic tracked a total of $11 billion in transactions over three years, most of which came from phishing scams and cryptocurrency scams. The sanctions highlight ongoing efforts to combat money laundering and criminal activity in the cryptocurrency industry. As the war on Web3 escalates, businesses and regulators must work together to protect the security and stability of the market.

The activities of the North Korean hacker group Lazarus Group and other criminals are posing a major threat to the global cryptocurrency market. Whether through sophisticated money laundering techniques or posing as job seekers to infiltrate cryptocurrency companies, their actions continue to challenge the security of the market. Combating these illegal activities requires cooperation and sustained efforts from all parties. The Web3 war has begun, and the battlefield will be more intense in the future. We look forward to all parties working together to maintain the security and stability of the market.