South Korea charges 23 over $11.1M crypto laundering linked to Cambodian phishing ring

South Korea has moved from suspicion to charges in a crypto laundering case tied to a Cambodia-based phishing group.

According to Decrypt, prosecutors said they have arrested dozens of people accused of moving $11.1 million in cryptocurrency connected to the scam network. The Decrypt report frames the arrests as part of a broader effort to target how stolen funds get converted, split, and moved across wallets and jurisdictions.

What South Korea says happened

Decrypt reports that the activity centers on laundering funds allegedly linked to the Cambodia phishing operation. The headline figure is the amount moved in crypto, $11.1 million. The desk piece gives only one confirmed number in the provided text, so readers should treat other details as not yet established from this excerpt.

What matters operationally in cases like this is the handoff. Phishing networks often depend on the ability to get victim funds off the first wallet quickly, then route proceeds through layers that make tracing harder. Decrypt’s report positions the South Korean arrests as the next link in that chain.

Why crypto prosecutors go after “movers”

In laundering cases, authorities typically aim at people who touch illicit funds after the initial theft. That can include exchanges, brokers, wallet “routers,” or anyone accused of processing withdrawals and conversions. Decrypt’s description focuses on the crypto movement rather than victimology, which suggests the prosecution theory is about finance mechanics, not just the scam’s technical delivery.

Even if the underlying phishing originated elsewhere, the laundering can create local evidence. South Korea’s actions, as described by Decrypt, indicate prosecutors believe the trail and coordination were strong enough to justify arrests and charges.

The arrests count and the risk question

Decrypt says South Korea has arrested “dozens” and that the charges involve 23 people, matching the case count in the headline. That split in wording is common in reporting, where investigators may first detain a wider group and later file charges against a subset. But the provided text doesn’t break down who is charged versus merely arrested.

For anyone evaluating the case from a security lens, the open question is how the accused are allegedly connected. Decrypt’s excerpt does not name roles or levels of alleged involvement. Were they just handling cash-out steps? Were they coordinating wallet routing? Or were they operating as intermediaries with incentives to ignore source risk?

What’s missing from the public details

From the information provided, the Decrypt report confirms the core financial figure and the linkage between a Cambodia phishing group and crypto laundering activity investigated in South Korea. However, it does not include in the excerpt the specific methods used, the wallet patterns, or any legal theories beyond the laundering charge.

That gap is not minor. In crypto cases, different allegations imply different levels of culpability. Someone who converts funds after the fact may face a different narrative than someone who designed the routing pipeline.

Next steps to watch

The immediate next steps are procedural. The charged parties will likely face disclosures tied to alleged transaction flows, identity links, and any cooperation or forensic results gathered by prosecutors. Decrypt’s reporting sets the baseline claim: about $11.1 million moved in crypto for the Cambodia-based phishing group.

Until the rest of the Decrypt story lands, the safest way to read this is as a major enforcement action with a clear funding figure and a stated scam-to-laundering connection. The hard part now is the courtroom version of the timeline.