Malaysia urged to curb power theft by cryptocurrency miners with tougher laws
Money laundering and tax evasion linked to such mining could be driving the more than US$100 million in power losses, an analyst says
More than US$100 million in losses incurred by Malaysia over the past five years due to power theft by illegal cryptocurrency mining operations may point to a bigger problem of illicit funds moving unhindered in cyberspace, a data protection expert has warned.
Authorities have cracked down on more than 9,000 illegal mining operations across the peninsula between 2020 and 2024, with some consuming more than 1 million ringgit worth of power every month to run equipment to cool mining rigs, which function to solve digital puzzles to harvest bitcoin and run 24 hours a day.
Tenaga Nasional Berhad (TNB) on Monday revealed that illegal cryptocurrency mining had caused a 300 per cent spike in power theft over the past five years, with such operations found in urban centres like Johor Bahru and rural towns further north in Terengganu.
These had caused over 500 million ringgit (US$116 million) in losses, the national electricity grid operator said.
The issue, however, stemmed from a lack of clear regulations to tackle the underlying reasons behind illicit cryptocurrency mining, said Benjamin Sheperdson, a data protection expert.
“When you talk why [cryptocurrency mining] is done illegally, it is because of money laundering or perhaps fraudulently declaring income,” said Sheperdson, a non-executive director at data protection advisory Straits Interactive.
Nobody is actually regulating cryptocurrencyBenjamin Sheperdson, data protection expert
“Nobody is actually regulating cryptocurrency because there is no way of tracking the source … and criminals don’t want to be tracked.”
TNB, which has been working with police over the past five years to clamp down illegal cryptocurrency mining operations, revealed that it had suffered losses of at least 100 million ringgit annually to power theft by cryptocurrency mining syndicates, according to a report by local English daily The Star.
TNB did not immediately respond to a request for comment by This Week in Asia.
On April 29, police led a raid on an illegal cryptocurrency mining operations in two districts in the northern state of Terengganu, seizing 45 machines valued at about 225,000 ringgit. The equipment were housed in residential and commercial lots.
Police did not say how long the illegal operations had taken place but estimated that they cost TNB about 36,000 ringgit a month in losses. No suspects were arrested.
A week earlier in the southern state of Johor, police shut down several illegal cryptocurrency mining operations across five districts.
Three men aged between 40 and 48 were arrested, along with the seizure of 87 mining machines valued at 217,500 ringgit. Police estimated that the mining operations illegally tapped more than 1.3 million ringgit worth of electricity through residential and shop lots in Johor Bahru, Seri Alam, Kulai, Segamat and Tangkak.
Any person who is convicted of being involved in such operations could face up to five years in jail and a maximum fine of 100,000 ringgit.
Regulators like the central bank must introduce and enforce a basic framework to govern how digital activities like cryptocurrency trading and mining could be carried out in the country, Sheperdson said.
“People will always try and break that framework, but if you have something in place at least you can always try to build and reinforce that framework,” he said.
“The most important in Malaysia is enforcement. Without enforcement, it is going to be tough to uphold the rules.”
Malaysia has been making a hard push towards digitalisation by riding on its reputation as a regional semiconductor hub to attract billions of dollars in data centre investments, which support tech activities ranging from e-commerce to artificial intelligence development.
But the rapid shift to a digital ecosystem has also exposed weaknesses in the country’s cybersecurity capabilities.
In March, certain operations at the Kuala Lumpur International Airport were paralysed after a hacking incident, with a yet to be identified group claiming responsibility for the attack and demanding a US$10 million ransom.
In one of the worst cases, the personal data of 22.5 million Malaysians, including full names, personal identification numbers, home addresses and ID photos, was stolen from government servers in 2022 and sold on the dark web.
