South Korean crypto exchange Bithumb has blocked all virtual-asset deposits and withdrawals involving the overseas crypto payment platform Heleket, citing suspected money laundering and terrorist-financing exposure. The move follows TRM Labs’ assessment that Heleket is likely operationally connected to the Russia-linked processor Cryptomus, which was hit by Canada’s FINTRAC with a record CAD 176.96 million AML penalty in October 2025.
1-Minute Briefing
South Korean crypto exchange Bithumb has imposed an immediate block on all virtual-asset deposit and withdrawal transactions involving Heleket, an overseas crypto payment processor. According to Bithumb’s official notice dated 21 May 2026, the platform cited suspected involvement of Heleket in money laundering and terrorist-financing-related illegal activity and referred to South Korean AML and virtual-asset user-protection rules as the legal basis for the measure.
The case is not merely another exchange compliance update. It points to a broader risk pattern: crypto payment processors that present themselves as merchant-service infrastructure may, in practice, function as cross-border laundering and sanctions-evasion rails for high-risk users, darknet markets, cybercrime service providers, and sanctioned ecosystems.
Key Findings
- Bithumb has blocked Heleket immediately. The Korean exchange’s notice states that all deposits and withdrawals involving Heleket are restricted from 21 May 2026 with immediate effect.
- TRM Labs links Heleket to Cryptomus. In April 2026, TRM Labs assessed with high confidence that Cryptomus or its ultimate controllers likely created and launched Heleket, citing common architecture, timing, shared personnel, branding, and extensive on-chain connections.
- Cryptomus already carries heavy regulatory baggage. Canada’s FINTRAC imposed a CAD 176,960,190 administrative penalty on Xeltox Enterprises Ltd., operating as Cryptomus, for widespread AML/CFT failures, including failures to file suspicious transaction reports and large virtual-currency transaction reports.
- Garantex exposure is a major red flag. TRM reported that early liquidity into Heleket wallets came from Garantex, the Russia-linked crypto exchange sanctioned by OFAC and later disrupted by international law-enforcement action. OFAC designated Garantex in April 2022, and the U.S. DOJ announced a coordinated disruption of Garantex infrastructure in March 2025.
- Bithumb itself is under compliance pressure. Earlier in 2026, South Korean authorities imposed a 36.8 billion won penalty on Bithumb over AML violations, including transfers involving unregistered overseas virtual-asset service providers. A Seoul court later stayed the six-month partial business suspension, while public reporting left the status of the monetary fine less clear.
Compliance Analysis
The Heleket case demonstrates how crypto payment processors can become the operational layer between regulated exchanges and high-risk counterparties. Unlike a traditional crypto exchange, a processor may appear as neutral infrastructure: merchant checkout, API layer, settlement wallet, or cross-border payment gateway. But where KYC controls are weak or selectively applied, the processor can become a compliance shield for users who would otherwise be rejected by regulated venues.
TRM’s assessment is particularly significant because it does not rely on a single indicator. The reported connection between Cryptomus and Heleket is based on a combination of infrastructure, personnel, branding, timing, and on-chain activity. In compliance terms, this is the difference between a name change and a continuity-of-control scenario. If correct, Heleket may not be a new clean provider but a parallel rail designed to preserve access for users affected by Cryptomus’s increased regulatory scrutiny.
The FINTRAC case against Cryptomus adds further gravity. The Canadian regulator found 2,593 contraventions across six violation types, including failures to report suspicious transactions linked to darknet markets, fraud proceeds, ransomware payments, child sexual-abuse-material trafficking indicators, and sanctions evasion. FINTRAC also stated that Cryptomus failed to comply with obligations relating to transactions associated with Iran.
For regulated exchanges, the lesson is clear: blocking sanctioned entities is no longer enough. Exchanges must identify successor platforms, clone processors, parallel brands, shared-wallet clusters, and migration flows. A processor that emerges after another provider tightens KYC controls should trigger enhanced due diligence, not routine onboarding.
Red Flags For Exchanges And Banks
The Heleket/Cryptomus pattern contains several compliance red flags:
- use of a new payment brand after regulatory pressure on a related processor;
- shared infrastructure or personnel between supposedly separate entities;
- initial or material liquidity from sanctioned or disrupted exchanges;
- exposure to darknet markets, cybercrime services, ransomware, CSAM-related flows, or sanctions evasion;
- use of offshore or mailbox-style corporate structures;
- cross-border merchant payments without transparent beneficial ownership and merchant-risk controls.
These are not merely crypto-sector risks. They matter to banks, EMIs, payment institutions, stablecoin issuers, wallet providers, and VASPs that touch settlement, fiat ramps, merchant accounts, or liquidity channels.
FinTelegram Assessment
Bithumb’s move should be read as part of a wider market shift. The compliance perimeter is expanding from “listed exchange” to payment infrastructure, wallet clusters, merchant gateways, and processor networks. Heleket is now a test case for how exchanges respond when blockchain intelligence firms identify a potentially high-risk processor before a regulator has issued a formal sanctions designation.
For FinTelegram, the case confirms a recurring thesis: the most relevant financial-crime exposure in crypto increasingly sits not only at exchanges, but in the rails between exchanges, merchants, processors, OTC liquidity, and sanctioned ecosystems. The next generation of AML/CFT enforcement will focus on these rails.
Call For Information
FinTelegram invites insiders, compliance officers, former employees, affected users, and payment-industry sources with information on Heleket, Cryptomus, Garantex-related flows, merchant onboarding, processor wallets, or exchange integrations to contact us via Whistle42.
