US Seizes Huione Cloud Account Tied to $31 Billion Cyber Scam Laundering

“By the time HuiOne was forced offline, it had received more than $31 billion in cryptoasset transactions,” Elliptic reported — a scale that federal authorities say helped underwrite a sprawling online marketplace for fraud, money laundering, and even the physical control of scam-compound workers.

DoJ seizes cloud account that hosted HuiOne subsidiaries' backend

The U.S. Department of Justice on Tuesday announced the seizure of a cloud computing account used by subsidiaries of Cambodia-based HuiOne Group. According to the Justice Department, the account hosted backend infrastructure for those subsidiaries, including HuiOne Guarantee (aka Haowang Guarantee). The DoJ said the subsidiaries “assisted individuals and organizations in transferring proceeds of cryptocurrency investment frauds, cyber scams, and other criminal activities on cryptocurrency blockchains and allowing for the conversion of the proceeds of these schemes to the legitimate banking sector undetected.”

Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division framed the seizure as striking at a technological backbone that enabled large-scale laundering: “The HuiOne Group used this cloud computing account as part of a technological backbone that allowed billions in fraud proceeds to be transferred, moved, and concealed – much of it stolen through Southeast Asian scam centers.” The DoJ added that HuiOne Guarantee provided escrow services that facilitated transactions, including those by money launderers.

Marketplaces sold crimeware, laundering and tools for human control

HuiOne’s illicit Telegram-based marketplace reportedly traded a wide array of goods and services between 2021 and 2025. The DoJ listed offerings such as personal and financial data, money laundering services, web development for fraudulent investment platforms and phishing sites, procurement of individuals for human trafficking schemes, and software for face swapping, voice cloning, and deepfake-powered impersonation during video calls with victims.

Elliptic’s July 2024 analysis added that merchants on HuiOne marketed physical control tools — “tear gas, electric batons, and electronic shackles for use by scam compound operators” — and documented merchant language referring to “preventing escapers” and controlling “runaway dogs.” Elliptic noted that those working in the scam compounds “are commonly referred to as ‘dogs’ or ‘dog pushers.’”

Elliptic: scale unmatched — $31 billion and counting

Elliptic characterized HuiOne as the largest illicit online marketplace ever recorded, reporting it had received “more than $31 billion in cryptoasset transactions,” a volume the company said was “more than 25 times larger than Silk Road and AlphaBay combined.” That figure underpins the DoJ’s assertion that the platform channeled “considerable funds stolen by Southeast Asian scam centers” into broader financial networks.

Flare finds successor markets and adaptation after enforcement

Even as HuiOne claimed to cease operations in May 2025, a new analysis from Flare found that more than 30 marketplaces had emerged to fill the void. Flare reported that operators have been building proprietary messaging platforms to bypass Telegram bans and have reshaped channel branding and flows across successor markets.

“The wave of enforcement in 2025 was the first coordinated attempt to reach both the financial and physical layers of the ecosystem at the same scale,” Flare researcher Chris d’Eon said. “It has produced visible adaptation, including reshuffled channel branding, redistributed flows across successor markets, and accelerated work on alternative venues. However, it has not meaningfully reduced volume across the ecosystem in aggregate.”

Treasury and FinCEN actions: Prince Group sanctions and H‑Pay assessment

The Justice Department’s action came alongside U.S. Treasury moves that sanctioned nine individuals and 26 entities linked to Prince Group and targeted the group’s leadership, investors in scam compounds, and front companies. The Treasury said the sanctions came “a little over eight months after” Prince Group was classified as a Transnational Criminal Organization for its role in scams, fraud, and money laundering. Treasury also emphasized that “Transnational criminal organizations based in Southeast Asia, like the Prince Group TCO and with support of their enablers like HuiOne Group, continue to target Americans through large-scale cyber-enabled fraud and scam operations.”

Separately, FinCEN has assessed H‑Pay Service PLC as a primary money laundering concern to guard against “HuiOne Group’s attempts to circumvent being cut off from the U.S. financial system.” FinCEN previously designated HuiOne Group as a “primary money laundering concern” in May 2025. The Treasury announcement also noted that Prince Group’s chairman, Chen Zhi, “has since been arrested, extradited to China, and stripped of his Cambodian citizenship.”

How technologists, regulators, and victims are affected

  • Technologists and security teams: Providers of cloud hosting and messaging infrastructure now face explicit scrutiny after the DoJ seizure showed a cloud account serving as a backend for illicit marketplaces. The Flare finding that operators are migrating to proprietary messaging platforms highlights how enforcement can spur technical adaptation that defenders will need to monitor.
  • Policymakers and regulators: Treasury’s coordinated sanctions and FinCEN’s “primary money laundering concern” assessment signal a multi-pronged enforcement approach that pairs criminal seizure with financial restrictions aimed at cutting off laundering channels such as H‑Pay Service PLC.
  • Victims and the public: The Treasury’s statement that these networks “continue to target Americans” underscores ongoing risk to individuals who may be lured by online investment schemes or targeted by deepfake-enabled impersonations tied to illicit marketplaces.

The seizure and sanctions amount to a coordinated push at both the technological and financial layers of a criminal ecosystem. But as Flare’s analysis makes clear, enforcement so far has prompted adaptation rather than collapse. The record in the public announcements leaves a pointed operational question: can sustained, multi-agency pressure — seizures, sanctions, and financial-designation tools — reduce the overall volume of illicit flows, or will successor markets and bespoke messaging grind on?
