DOJ Seizes Huione Group Infrastructure Behind $31B Scam Market


Cryptocurrency scam schemes rarely rest on people alone. They need infrastructure to receive, move, and disguise money. Now the U.S. Department of Justice says it has seized a cloud account that served the Huione Group.

What Was Seized

According to the department, subsidiaries of the Cambodian conglomerate used the account. Through the server infrastructure hosted there, investigators say, they helped move funds from crypto investment fraud, cyber scams, and other criminal schemes. The money traveled across blockchains and then exited into the regular banking system. The goal was to make the origin of the funds harder to trace.

The Scale of the Marketplace

A new timeline from Elliptic made the scale clearer. Huione Guarantee launched in 2021 as a Chinese-language marketplace on Telegram. On the surface, it looked like a venue for ordinary deals, including cars and real estate. In practice, analysts say, sellers there offered tools for industrial-scale fraud. Almost all payments ran through the stablecoin USDT.

By the time it was forced offline in May 2025, Huione Guarantee had received more than $31 billion in crypto transactions. For comparison, Silk Road processed about $216 million in total, and AlphaBay around $1 billion. Elliptic estimates that the payments arm, Huione Pay, received at least $103 billion in crypto assets over its lifetime. You can read Elliptic’s full analysis of the case.

What the Platform Sold

Court filings say the seized account helped run Huione Guarantee, also known as Haowang Guarantee. The platform, authorities say, supported Telegram channels that traded in crime. Those discussions covered stolen bank card data and documents, proceeds from malware theft, human-trafficking schemes, and laundering after romance and investment scams. Analysts also tied the market to phishing kits, face-swap tools for video calls, fake investment sites, and equipment used to hold workers in scam centers.

The Escrow Role

Huione Guarantee also acted as a guarantor. The service held funds between parties to a deal. In doing so, it helped criminals settle transactions on its platforms. After the first exposés, the group did not stop. The market was renamed Haowang Guarantee. Huione’s structures also launched their own USDH stablecoin, a blockchain, a crypto exchange, and a messenger to depend less on outside platforms.

A Long Enforcement Campaign

The FBI and other agencies repeatedly traced cyber-fraud proceeds to crypto addresses tied to the Huione Group. The funds then went through further laundering. The FBI also noted that crypto investment fraud complaints alone reported over $7.2 billion in losses in 2025.

Huione was already under U.S. pressure. Last October, the Treasury’s FinCEN cut the group off from the U.S. financial system, calling it a major money laundering risk. FinCEN linked Huione not only to crypto fraud but also to cyber heists attributed to North Korea. Its materials cite at least $4 billion in illicit inflows from August 2021 to January 2025, including at least $37 million from North Korea-linked attacks.

Sanctions and Successors

Alongside the new seizure, the Treasury sanctioned 9 individuals and 26 entities tied to the transnational crime structure Prince Group. FinCEN also proposed extending its earlier Huione ban to H-Pay Service PLC and any successor, since it assesses that H-Pay effectively continued Huione Pay’s role. Separately, the DOJ earlier charged Prince Group founder Chen Zhi and filed its largest-ever forfeiture claim, for about 127,271 BTC worth roughly $15 billion.

The seizure does not mean the whole ecosystem is gone, though. Elliptic reports more than 30 successor marketplaces already operating after the strikes on Huione. The largest, Xinbi Guarantee, has processed more than $24 billion in crypto assets. Sellers there offer the same services that Huione Guarantee’s participants once promoted.

Who Is Investigating

The FBI’s San Francisco field office and IRS Criminal Investigation are handling the case under Operation Riptide. The DOJ also thanked Chainalysis, Elliptic, and Google’s cybercrime team for voluntarily sharing data. The department urges cyber-fraud victims to report to the FBI’s Internet Crime Complaint Center (IC3), so investigators can trace stolen funds and build cases against the organizers.
