DOJ Seizes Huione Cloud Backend in Strike Against Billions in Crypto Fraud Laundering

The DOJ seized a cloud account powering Huione Group's backend infrastructure, accused of laundering billions from crypto scams and cyber fraud via Telegram marketplaces and escrow services. The move builds on prior FinCEN sanctions and offers investigators valuable data on criminal networks. It signals deeper U.S. pressure on Southeast Asian laundering operations.
DOJ Seizes Huione Cloud Backend in Strike Against Billions in Crypto Fraud Laundering
Written by Lucas Greene

The U.S. Justice Department moved swiftly this week. It seized a cloud computing account that powered the backend systems of subsidiaries tied to the Cambodia-based Huione Group. Prosecutors say the infrastructure helped criminals shuffle proceeds from cryptocurrency investment frauds, romance scams and cyber heists across blockchains before funneling them into the conventional banking system without detection.

The action, announced Tuesday, targets what officials described as a technological backbone for one of the most active criminal marketplaces in Southeast Asia. The Justice Department detailed how subsidiaries, including Huione Guarantee also known as Haowang Guarantee, ran Telegram channels hawking stolen credit card data, identity information harvested by malware, services for procuring victims of human trafficking and escrow arrangements that cleaned dirty crypto gains. And the scale is staggering. FinCEN previously determined Huione laundered at least $4 billion in illicit proceeds between August 2021 and January 2025.

Short. Direct. This isn’t just another wallet seizure. The government went after the operational heart. The cloud account hosted the servers and tools that let these services function at volume. Investigators from the FBI’s San Francisco field office and IRS Criminal Investigation traced fraud proceeds directly to addresses linked to the group. Blockchain analytics firms supplied critical support. Chainalysis, Elliptic and Google’s CyberCrime Team all contributed intelligence that mapped the flows.

Assistant Attorney General A. Tysen Duva of the Criminal Division didn’t mince words. “Today’s seizure strikes a blow against one of the world’s most prolific criminal marketplaces,” he said in the official release. “Seizures of these marketplaces is critical in the fight against fraud.” U.S. Attorney Craig H. Missakian for the Northern District of California added that authorities “will not allow individuals or companies to exploit our country’s technology to defraud hardworking Americans.” FBI officials echoed the sentiment. One assistant director called it a demonstration of commitment to disrupt every layer of the illegal setup.

The move builds on years of pressure. Last October, Treasury’s Financial Crimes Enforcement Network labeled Huione Group a primary money laundering concern under the USA Patriot Act’s Section 311. It issued a final rule that severed the conglomerate from the U.S. financial system. That designation cited Huione’s role in laundering funds from Southeast Asian transnational criminal organizations running pig-butchering scams as well as some proceeds from North Korean state-sponsored cyber thefts. On the very day of this week’s seizure, FinCEN proposed expanding that rule to cover H-Pay Service PLC, viewed as a successor entity.

Huione Guarantee itself faced earlier disruption. Telegram shut down its main channels in 2025 after reports highlighted the open trade in stolen data and laundering tools. The group adapted. It regrouped through new platforms and even launched its own stablecoin, USDH, according to reporting that tracked the evolution. Yet the underlying infrastructure persisted. Until now.

Loss numbers tell a sobering story. The FBI’s Internet Crime Complaint Center logged $7.2 billion in victim losses from crypto fraud in 2025 alone. Total cyber-enabled crime losses reached $20 billion that year, a 26 percent jump. Much of that activity traces back to compounds in Cambodia, Myanmar and Laos where trafficked workers are forced to run sophisticated online scams. Huione sat at a key node. It provided the financial plumbing that turned stolen crypto into spendable dollars.

But the seizure carries limitations. Cloud accounts can be replaced. Front-end Telegram groups pop up under new names within days. The real value may lie in the data now accessible to investigators. Logs, user records and transaction details could map out networks that stretch from Southeast Asian scam centers to victims across the United States, Europe and beyond. FBI Assistant Director Heith Janke framed it that way. The action shows resolve to hit every component of these operations.

Recent coverage adds texture. The Record noted Cambodia’s separate arrest of a former Huione executive, Li Xiong, for potential extradition to China on related fraud and laundering charges. It also highlighted U.S. sanctions against a Cambodian senator and others tied to the scam economy. Chainalysis itself posted on X about the operation, stressing how the backend focus differs from past efforts that chased individual addresses or front-end sites. The firm said the move disrupts a key enabler and signals that foreign crypto operations aren’t beyond American reach.

Other outlets picked up the thread quickly. Cryptopolitan described the target as a Telegram-based crypto laundering marketplace that offered escrow for criminals. Bitcoin World and others emphasized potential access to user data that could fuel further probes. No single article captured the full picture. The DOJ release provides the official foundation. Reporting from Decrypt via Yahoo Finance adds operational color on the regrouping after Telegram’s crackdown. Together they paint a clearer view than any one piece.

This case fits a larger pattern. U.S. authorities have ratcheted up actions against infrastructure that supports cyber fraud. Operation Riptide, the FBI’s umbrella effort against these networks, has produced multiple takedowns. Earlier coordinated strikes with the U.K. targeted massive Southeast Asian scam rings and produced a record $15 billion bitcoin forfeiture tied to pig-butchering and forced-labor compounds. Huione featured prominently in those earlier FinCEN findings.

Still, challenges remain. Cambodia has taken some steps, including arrests. Regional cooperation varies. Many scam compounds operate with local protection or outright complicity. The technology itself evolves. Criminals shift to new mixers, privacy coins or decentralized platforms when centralized services face heat. The cloud provider whose account was seized has not commented publicly. Its identity remains shielded in official statements.

Compliance officers at exchanges and financial institutions are watching closely. The FinCEN rule already requires U.S. banks to block correspondent relationships linked to Huione or its proxies. This seizure adds teeth. It shows that even offshore infrastructure can be reached if it touches U.S. technology providers or serves American victims. Blockchain analytics have grown more sophisticated. Tools that once struggled with obfuscation now routinely link clusters of addresses to specific operators.

So what happens next? Investigators will dig through the seized data. Prosecutors may bring charges against identifiable individuals tied to the platform. Further sanctions or designations could follow if new entities surface. For the crypto industry the message is blunt. Services that facilitate laundering at this volume face real operational risk. Even if they sit outside traditional banking rails, the long arm of U.S. law enforcement can touch the underlying compute layer.

The Huione case didn’t emerge overnight. Years of blockchain tracing, victim complaints and intelligence sharing led here. It reflects a maturing strategy that pairs financial sanctions, criminal prosecutions and targeted infrastructure seizures. Billions moved through these channels. Trillions in potential future losses hang in the balance if the networks aren’t steadily dismantled. Tuesday’s action is one more step. Not the last.

Subscribe for Updates

CryptocurrencyPro Newsletter

The CryptocurrencyPro Email Newsletter is tailored for business leaders exploring how to integrate blockchain, digital currencies, and crypto into their operations.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us