The US Treasury Department wants to block the Cambodia-based Huione Group from accessing the US banking system, accusing it of helping North Korea’s state-backed Lazarus Group to launder its crypto.

The Treasury’s Financial Crimes Enforcement Network (FinCEN) proposed on May 1 to prohibit US financial institutions from opening or maintaining correspondent or payable-through accounts for or on behalf of the Huione Group.

Huione Group has established itself as the “marketplace of choice for malicious cyber actors” like the Lazarus Group, who have “stolen billions of dollars from everyday Americans,” US Treasury Secretary Scott Bessent said in a May 1 statement.

“Today’s proposed action will sever Huione Group’s access to correspondent banking, degrading these groups’ ability to launder their ill-gotten gains.”

Huione Group has set up a network of businesses, which includes payment service platform Huione Pay PLC, the crypto exchange Huione Crypto, and Haowang Guarantee, an online marketplace offering illicit goods and services.

Although the conglomerate doesn’t have correspondent accounts with US financial institutions, it has accounts with foreign firms with US correspondent accounts, the Treasury’s FinCEN noted in its rulemaking submission.

The proposed rule is subject to a 30-day public comment period before it can take effect.

Source: Chainalysis

Huione expanded into sophisticated cybercrime network

FinCEN claimed that Huione Group has laundered at least $4 billion worth of illicit proceeds between August 2021 and January 2025, including more than $36 million from crypto pig butchering scams.

At least $37 million worth of the crypto laundered has been linked to North Korea’s “cyber heists,” the Treasury said.

Haowang Guarantee has made Huione Group a “one stop shop” for criminals to launder crypto obtained through illicit activities, and ultimately convert it to fiat currency, the Treasury said.

Related: North Korean crypto attacks rising in sophistication, actors — Paradigm

The conglomerate has also created a US dollar-pegged stablecoin, the US Dollar Huione (USDH), which FinCEN said cannot be frozen and helps to carry out money laundering activities.

The National Bank of Cambodia has stated that payment firms aren’t allowed to deal or trade digital assets in the country and had revoked the company’s local banking license in March.

Magazine: Crypto wanted to overthrow banks, now it’s becoming them in stablecoin fight

The US Securities and Exchange Commission has filed to drop another of its crypto lawsuits, this time its unregistered securities sales case against crypto influencer and YouTuber Ian Balina. 

The SEC said in a May 1 joint stipulation with Balina to an Austin federal court that it “believes the dismissal of this case is appropriate,” citing the work of the agency’s Crypto Task Force.

The agency didn’t give a reason for wanting to dismiss its case, but said its decision “does not necessarily reflect the Commission’s position on any other case.”

Balina told Cointelegraph in March that the SEC had informed him it would recommend the court dismiss the case and claimed the agency’s actions were based on a shift in the agency’s priorities.

“Obviously, the new administration is pro-crypto,” Balina said. The SEC has seen a change in leadership under US President Donald Trump, who appointed former crypto lobbyist Paul Atkins to chair the agency.

The joint stipulation argued a dismissal would also conserve the court’s resources “without costs or fees to either party.”

Balina is the CEO of Token Metrics, a crypto influencer with 140,000 followers on X, and a YouTuber who the SEC accused of improperly promoting crypto projects, particularly during the initial coin offering (ICO) boom circa 2017.

The SEC sued Balina in 2022, alleging that he conducted an unregistered securities offering of Sparkster (SPRK) tokens when he formed an investing pool on Telegram in 2018.

The SEC claimed that US-based investors participated in Balina’s investing pool, using Ether (ETH), which was validated by a network of nodes “which are clustered more densely in the United States than in any other country.”

Related: SEC drops investigation into PayPal’s stablecoin

The court sided with the SEC and, in May 2024, ruled that SPRK was an investment contract under US securities laws, where investors pooled money into a common enterprise expecting profits due to the efforts of others.

Edit the caption here or remove the text

Shift in crypto policy

The move is the latest in a long list of crypto-related court actions that the SEC has quashed under the Trump administration’s favorable stance toward the industry. 

Over the past month, it has dropped several cases and abandoned multiple investigations against crypto firms, including against Coinbase, Ripple, Kraken, Opensea, and PayPal’s stablecoin. 

Magazine: Japanese porn star’s coin red flags, Alibaba-linked L2 runs at 100K TPS: Asia Express

US crypto exchange Kraken has detailed a North Korean hacker’s attempt to infiltrate the organization by applying for a job interview.

“What started as a routine hiring process for an engineering role quickly turned into an intelligence-gathering operation,” the company wrote in a May 1 blog post.

Kraken said the applicant’s red flags appeared early on in the process when they joined an interview under a name different from what they applied with and “occasionally switched between voices,” apparently being guided through the interview.

Rather than immediately rejecting the applicant, Kraken decided to advance them through its hiring process to gather information about the tactics used.

International sanctions have effectively cut North Korea off from the rest of the world, and the country’s ruling Kim family dictatorship has long targeted crypto companies and users to top up the country’s coffers. It’s stolen billions worth of crypto so far this year.

Kraken reported that industry partners had tipped them off that North Korean actors were actively applying for jobs at crypto companies. 

“We received a list of email addresses linked to the hacker group, and one of them matched the email the candidate used to apply to Kraken,” it said. 

With this information, the firm’s security team uncovered a network of fake identities used by the hacker to apply to multiple companies. 

Kraken also noted technical inconsistencies, which included the use of remote Mac desktops through VPNs and altered identification documents.

Kraken CSO @c7five recently spoke to @CBSNews about how a North Korean operative unsuccessfully attempted to get a job at Kraken.

Don’t trust. Verify pic.twitter.com/1vVo3perH2

— Kraken Exchange (@krakenfx) May 1, 2025

The applicant’s resume was linked to a GitHub profile containing an email address exposed in a past data breach, and the exchange said the candidate’s primary form of ID “appeared to be altered, likely using details stolen in an identity theft case two years prior.”

During final interviews, Kraken chief security officer Nick Percoco conducted trap identity verification tests that the candidate failed, confirming the deception. 

Related: Lazarus Group’s 2024 pause was repositioning for $1.4B Bybit hack

“Don’t trust, verify. This core crypto principle is more relevant than ever in the digital age,” Peroco said. “State-sponsored attacks aren’t just a crypto or US corporate issue — they’re a global threat.”

North Korea pulls off biggest-ever crypto hack

North Korea-affiliated hacking collective Lazarus Group was responsible for February’s $1.4 billion Bybit exchange hack, the largest ever for the crypto industry.

North Korean-linked hackers also stole more than $650 million through multiple crypto heists during 2024, while deploying IT workers to infiltrate blockchain and crypto companies as insider threats, according to a statement released by the US, Japan and South Korea in January. 

In April, a subgroup of Lazarus was found to have set up three shell companies, with two in the US, to deliver malware to unsuspecting users and scam crypto developers. 

Magazine: Japanese porn star’s coin red flags, Alibaba-linked L2 runs at 100K TPS: Asia Express