Huione Guarantee saw explosive growth, with its monthly inflows surging by 51% over six months. This growth was fueled by its USDH stablecoin launch. The platform facilitated over $24 billion in transactions and expanded its offerings to include its own blockchain, decentralized exchange, and chat services. Meanwhile, North Korea-linked hackers are still a major global concern, and were responsible for over $1.34 billion in cryptocurrency thefts in 2024. In South Korea, impeached President Yoon Suk Yeol was arrested after his controversial martial law declaration, and the UK proposed banning ransomware payments for critical sectors. Largest Online Illicit Marketplace Sees Explosive Growth Huione Guarantee, which is described by crypto compliance firm Elliptic as “the largest online illicit marketplace to have ever operated,” saw a rapid rise in activity. In fact, its monthly inflows increased by 51% over the past six months. The platform’s growth was boosted by the launch of its USD-backed stablecoin, USDH, in September, which was reportedly designed to circumvent regulatory scrutiny and freezing measures that are commonly associated with other stablecoins like Tether’s USDT. To date, Huione Guarantee facilitated more than $24 billion in transactions and attracted more than 900,000 users. Elliptic first alleged in July that Huione Guarantee served as a hub for illicit activities, including money laundering and cyber scams. Despite the exposé, the platform expanded its operations quite a bit, and even introduced a range of crypto-related products like its own blockchain, Xone Chain, a decentralized exchange, and a chat service to reduce reliance on external platforms like Telegram. The rebranding of the platform to Haowang Guarantee seems to be part of an effort to dissociate from the parent company, Huione Group, after the allegations. USDH is issued across blockchains like Ethereum, BNB Chain, and Tron, and its launch happened after Tether froze one of Huione Pay’s USDT accounts in July due to links with the North Korean Lazarus Group. This stablecoin is not to be confused with the similarly named USDH from Solana-based DeFi protocol Hubble. Elliptic’s latest analysis pointed out that the platform enables a wide array of cyber scams and fraudulent activities. The marketplace reportedly hosts thousands of vendors offering services and goods like money laundering, stolen data, and tools for online fraud on an industrial scale. US, Japan, South Korea Warn of North Korean Hackers The United States, Japan, and South Korea jointly issued a warning about the escalating threat that is posed by crypto hackers linked to North Korea, particularly groups like the infamous Lazarus Group. These groups are known for some of the largest cyber thefts in Web3 history, including the $600 million Ronin network hack and the $230 million WazirX exchange breach. Joint statement (Source: Ministry of Foreign Affairs of Japan ) Because of this, these hackers became a critical concern for global financial stability. The main goal of this collaboration of public and private sectors across the three nations is to combat these cyber threats and recover stolen funds. The warning follows South Korea’s sanctions against 15 North Koreans accused of generating funds for the country’s nuclear weapons program through cryptocurrency theft. North Korean hackers reportedly stole more than $1.34 billion worth of digital assets in 2024 alone, across 47 incidents. This was a sharp 102% increase from the $660 million that was stolen in 2023. This staggering amount accounted for more than 61% of the total cryptocurrency stolen globally in 2024 and more than 20% of the hacking incidents. DPRK hacking activity (Source: Chainalysis ) Chainalysis data also recently pointed out the growing sophistication of these attacks, with an increasing number of heists yielding profits of $50 million or more. High-profile incidents in 2024 included the $305 million DMM Bitcoin hack, $50 million each from Upbit and Radiant Capital, and $16 million from Rain Management. In contrast, North Korea’s 2022 exploits frequently resulted in profits below $50 million. South Korea Arrests Impeached President Yoon Suk Yeol Meanwhile, South Korean authorities arrested Yoon Suk Yeol, the country’s impeached president. This is the first time a sitting South Korean leader has been taken into custody. The arrest was made on Jan. 15, after a warrant was executed by the Corruption Investigation Office. Around 80 police officers and investigators arrived at Yoon’s residence to detain him, according to Yonhap News Agency and CNN reports . Images circulating on social media appeared to show Yoon being escorted into a vehicle for questioning. The arrest stems from Yoon’s controversial martial law declaration on Dec. 3, which was overturned by South Korea’s legislature just six hours later. Yoon was impeached 11 days later, on Dec. 14. He justified the martial law by pointing to perceived threats from “North Korea’s communist forces” and a need to eliminate so-called “anti-state elements.” While no charges have been formally laid, leading an insurrection is a grave crime in South Korea, and is punishable by life imprisonment or even death. South Korean President Yoon Suk Yeol The martial law had widespread ramifications, including a huge impact on South Korea’s cryptocurrency market. Trading platforms like Upbit experienced a liquidity crisis as Bitcoin prices dropped as low as 92 million Korean won ($65,000). Since Yoon’s impeachment, crypto prices paired with the Korean won were able to recover. UK Proposes Ransomware Payment Ban for Critical Sectors The UK government initiated a consultation to explore banning ransomware payments for operators of critical national infrastructure, like energy providers, healthcare services, and local councils. The proposal was announced on Jan. 14, and builds on an existing ban affecting government departments. Security Minister Dan Jarvis explained that the proposed measures seek to cut off ransomware groups from their financial lifelines, particularly crypto payments, which are commonly demanded by attackers. The main goal of the proposal is to protect national security and make essential services less attractive to cybercriminals. They include a ransomware payment prevention regime to guide victims, block payments to sanctioned groups, and mandate the reporting of ransomware incidents to help law enforcement target repeat offenders. The consultation will run until April 8. Just how urgent these measures are was proven by recent cyberattacks that caused major disruptions. In January of 2023, a ransomware attack on Royal Mail stopped international shipping , while an earlier attack on Advanced Computer Software Group in August of 2022 exposed the personal data of nearly 83,000 people. Over the 12 months ending August 2024, the National Cyber Security Centre managed 430 cyber incidents, including 13 deemed nationally significant. Ransomware is still considered to be the most immediate threat to the UK’s digital infrastructure. The National Cyber Security Centre’s 2024 Annual Review referred to incidents like the June attack on pathology laboratory Synnovis, which delayed medical procedures, and an October breach that compromised the British Library’s online systems.
