A customer plays a game at a computer shop in Quezon City, Sept. 2, 2020. — PHILIPPINE STAR/ MICHAEL VARCAS

THE ANTI-MONEY Laundering Council (AMLC) wants financial institutions to ensure customer due diligence, especially those that serve as payment channels for play-to-earn games such as Axie Infinity.

While Axie Infinity itself is not under the supervision of the Bangko Sentral ng Pilipinas (BSP) and not covered by the “dirty money” watchdog, AMLC Executive Director Mel Georgie B. Racela stressed that financial institutions are involved when players convert in-game tokens into fiat currency.

In games such as Axie Infinity, players receive cryptocurrency in exchange for playing the game. Axie Infinity players earn tokens known as smooth love potion (SLP).

“The payment channels used for the SLP tokens used in the game may include banks and electronic money issuers (EMIs). It must be remembered that banks and EMIs are covered persons and are, thus, required to conduct customer due diligence, keep records, and file covered and suspicious transaction reports (STRs),” Mr. Racela said in a Viber message.

“These covered persons, as payment and settlement facilitators, should closely monitor funds that pass through them (through the purchase or sale of such tokens) for possible links to dirty money and promptly file the corresponding STRs when appropriate,” he added.

Around $600 million worth of cryptocurrency linked to Axie Infinity was stolen from the Ronin Network, a blockchain network that allows users to transfer crypto in the game. It is said to be one of the largest cryptocurrency heists on record.

The US Federal Bureau of Investigation last week said their findings showed that Lazarus Group and APT38, both associated with North Korea, were behind the cybercrime. The Lazarus Group was also involved in hacking the Bangladesh central bank in 2016.

Meanwhile, Swarup Gupta, an industry manager at the Economist Intelligence Unit said the cyberattack showed how there are still gaps in ensuring decentralization for such platforms.

“The small number of validator nodes for the Ethereum sidechain, Ronin, and the even smaller number needed to approve a transaction, shows how such platforms fail to deliver the levels of decentralization that are necessary to ensure sufficient levels of cybersecurity,” Mr. Gupta said in an e-mail.

Sky Mavis, which operates Axie Infinity, earlier said that about 35% of the game’s traffic comes from the Philippines. The company said it raised $150 million in funds which will be used to reimburse players that were affected by the heist.

Despite regulators issuing warnings on risks related to cryptocurrency, Mr. Gupta said gamers have remained “largely undeterred.”

He earlier said the interest for play-to-earn games rose as Filipinos sought new sources of income amid the pandemic.

“Authorities should reach out to gaming guilds in the country and coordinate with them to provide education about the risks inherent with play-to-earn gaming activity,” Mr. Gupta said.

“They should also consider imposing restrictions on the transactions of gamers at the point of conversion to fiat currency since this is an area that is within the government’s jurisdiction,” he added.

BSP Governor Benjamin E. Diokno previously said they are continuously monitoring crypto-related activities that are used in online games. He said they are discussing with other regulators on the appropriate approach for Axie Infinity and other gaming platforms.

The Philippines is under increased monitoring as it was included in the “gray list” of the Financial Action Task Force in June 2021. It needs to prove it has implemented tighter restriction measures to prevent dirty money and terrorism financing activities.

The government hopes to exit the gray list on or before January 2023. — Luz Wendy T. Noble